On Thu, Apr 17, 2014 at 08:50:13AM +0200, Bram Moolenaar wrote:
> 
> Stephen Braithwaite wrote:
> 
> > I am a programmer, and would like to add AES to available encryptions, 
> > which currently is mostly only blowfish.  
> > Would such an addition be welcome?  
> > Would such a patch contributed by me be acceptable?
> > Or are there good reasons why VIM should have only blowfish, and the
> > original encryption available in VIM which is known to be broken, and
> > whose name I have forgotten?
> 
> The older encryption is what Zip uses.  It's not broken, but it is a
> weak encryption. Although in theory the key could be figured out, I have
> seen nobody do it.
> 
> I think it is good to add one more encryption method. So that when one is
> found unreliable, users can switch to the other one immediately.
> 
> We should have a good review of the implementation.  It's easy to make a
> small mistake that takes away most of the secrecy.
> 
You do not have to trust the implementation much if performance does not
matter. Their composition with independent keys is likely as strong as the
strongest cipher used, so the user does not have to manually switch when one
cipher becomes vulnerable.

I made two assumptions here, one is that composition does not weaken
ciphers, which could happen if the first cipher is vulnerable to chosen
plaintext attacks and the second cipher exploits that. Except NSA conspiracy
I do not think this is the case for well known ciphers. *

The second problem is independent keys; a common method is to use a hash
function and as the i-th key use hash(password.i). So to break a cipher
you need to either break all ciphers or break the first cipher and invert
the hash function.


* Or if you want to be sure, create a one-time pad for each cipher, xor the
plaintext with all pads and encrypt the i-th pad with the i-th cipher.
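
The pad-splitting construction from the footnote, combined with the hash(password.i) key derivation, as an added example that is not part of the original message. Assumptions: SHA-256 for key derivation, two hash-based keystream generators standing in for the real ciphers, a per-message nonce, and all function names.

```python
import hashlib
import secrets

# Stand-ins for two unrelated ciphers (e.g. Blowfish and AES): hashes run in
# counter mode as keystream generators. Constructed for illustration only.
CIPHERS = ("sha256", "blake2b")

def derive_key(password: bytes, i: int) -> bytes:
    # i-th key = hash(password.i), with "." read as concatenation.
    # SHA-256 is an assumption; a real design would use a slow password KDF.
    return hashlib.sha256(password + str(i).encode()).digest()

def keystream(name: str, key: bytes, nonce: bytes, n: int) -> bytes:
    out = bytearray()
    counter = 0
    while len(out) < n:
        block = key + nonce + counter.to_bytes(8, "big")
        out += hashlib.new(name, block).digest()
        counter += 1
    return bytes(out[:n])

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt(password: bytes, plaintext: bytes):
    # Fresh nonce per message: reusing a keystream would leak P xor P'.
    nonce = secrets.token_bytes(16)
    masked, wrapped = plaintext, []
    for i, name in enumerate(CIPHERS):
        pad = secrets.token_bytes(len(plaintext))  # one-time pad for cipher i
        masked = xor(masked, pad)                  # plaintext xor all pads
        ks = keystream(name, derive_key(password, i), nonce, len(pad))
        wrapped.append(xor(pad, ks))               # i-th pad under i-th cipher
    return nonce, masked, wrapped

def unwrap_pad(password: bytes, nonce: bytes, wrapped: list, i: int) -> bytes:
    ks = keystream(CIPHERS[i], derive_key(password, i), nonce, len(wrapped[i]))
    return xor(wrapped[i], ks)

def decrypt(password: bytes, nonce: bytes, masked: bytes, wrapped: list) -> bytes:
    # Every pad must be recovered; any missing pad leaves the text masked.
    for i in range(len(CIPHERS)):
        masked = xor(masked, unwrap_pad(password, nonce, wrapped, i))
    return masked
```

The stored output is the masked text plus one wrapped pad per cipher, so it is (n + 1) times the plaintext length for n ciphers.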
