On 15/02/13 08:08, Bram Moolenaar wrote: > > I think that a verification key will actually make it easier to crack > the password. Currently, when an attacker tries all kinds of passwords, > he also needs a way to verify the decrypted text is actually readable. > That is not so easy to do. With a verification key the verify part > becomes really easy and fast.
There's a lot of exploitable redundancy in a typical text file. For English text, you can just check if MSB of each byte is zero. The computational requirements are probably lower than verifying a MAC. You would need a very large password before similarly large candidate passwords started generating ASCII text, and if the password was so large, brute force wouldn't be a problem. You could devise a scheme involving compression to reduce the amount of redundancy in the message. But key strengthening (PBKDF2 etc.) is probably a more robust way to mitigate brute force attacks. -- Tim Starling -- -- You received this message from the "vim_dev" maillist. Do not top-post! Type your reply below the text you are replying to. For more information, visit http://www.vim.org/maillist.php --- You received this message because you are subscribed to the Google Groups "vim_dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
