Key strengthening is done in vim73. Compression would be nice before encryption; Alternatively you can just use gpg or pgp (compression, encryption, mac signatures, multiple keys), there was a vim plugin to do that.
On Fri, Feb 15, 2013 at 11:10 AM, Tim Starling <[email protected]> wrote: > On 15/02/13 08:08, Bram Moolenaar wrote: >> >> I think that a verification key will actually make it easier to crack >> the password. Currently, when an attacker tries all kinds of passwords, >> he also needs a way to verify the decrypted text is actually readable. >> That is not so easy to do. With a verification key the verify part >> becomes really easy and fast. > > There's a lot of exploitable redundancy in a typical text file. For > English text, you can just check if MSB of each byte is zero. The > computational requirements are probably lower than verifying a MAC. > You would need a very large password before similarly large candidate > passwords started generating ASCII text, and if the password was so > large, brute force wouldn't be a problem. > > You could devise a scheme involving compression to reduce the amount > of redundancy in the message. But key strengthening (PBKDF2 etc.) is > probably a more robust way to mitigate brute force attacks. > > -- Tim Starling > > -- > -- > You received this message from the "vim_dev" maillist. > Do not top-post! Type your reply below the text you are replying to. > For more information, visit http://www.vim.org/maillist.php > > --- > You received this message because you are subscribed to the Google Groups > "vim_dev" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/groups/opt_out. > > -- -- You received this message from the "vim_dev" maillist. Do not top-post! Type your reply below the text you are replying to. For more information, visit http://www.vim.org/maillist.php --- You received this message because you are subscribed to the Google Groups "vim_dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
