On Thursday, February 14, 2013 11:59:48 AM UTC-6, Ulrik wrote: > Hi, > > > > The blowfish encryption mode is vulnerable (not to revelation of the > > plaintext), but the encryption is not checked for integrity or > > authenticity. This means that someone might corrupt the encrypted file > > (hexedit or similar), and vim will decrypt it without notice of error or > > warning. > > > > This attack allows someone to modfiy encrypted files so that the owner > > doesn't notice. With sufficient tries or skill it might be possible to > > change a file's values in a predictable way at a certain offset. > >
I kind of like this idea, however, the point of Vim's encryption is not so you can send somebody a file and have them know it has not been modified. For this, you would need authentication as you say. The point of Vim's encryption is so that somebody who somehow gains access to a copy of a sensitive file (or somebody who hops on your computer while you step out a bit) can't SEE sensitive data. If an attacker has write access to your sensitive files, you have other problems. -- -- You received this message from the "vim_dev" maillist. Do not top-post! Type your reply below the text you are replying to. For more information, visit http://www.vim.org/maillist.php --- You received this message because you are subscribed to the Google Groups "vim_dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
