On Do, 14 Aug 2014, Bram Moolenaar wrote: > Christian Brabandt wrote: > > > On So, 10 Aug 2014, Bram Moolenaar wrote: > > > > > Patch 7.4.399 > > > Problem: Encryption implementation is messy. Blowfish encryption has a > > > weakness. > > > Solution: Refactor the encryption, store the state in an allocated > > > struct > > > instead of using a save/restore mechanism. Introduce the > > > "blowfish2" method, which does not have the weakness and encrypts > > > the whole undo file. (largely by David Leadbeater) > > > > Perhaps, we should disallow to set the encryption method to the old/weak > > blowfish algorithm (or at least issue an error message here)? That > > should allow to still read old files, but should encourage users to use > > the new method. > > It's a bit tricky. When sharing a file between different computers some > may not have the new Vim version yet. Perhaps after a year or so we > could discourage writing with the old blowfish method.
Well, github shows currently 1070 results for :set cm=blowfish https://github.com/search?q=set+cm%3Dblowfish&ref=cmdform&type=Code&utf8=%E2%9C%93 (looks like most of them are in dotfiles). There are only a couple of references to :set cm=blowfish2 (all of which are either test71.in or the vim help files) That means, we leave all those users with the old and weak cipher. I see 2 possible solutions: 1) use the name blowfish for the new encryption and blowfish2 for the weak one and if Vim reads a file with the old encryption give a warning to use the blowfish2 encryption method. 2) make blowfish an alias for blowfish2 (so when a user sets blowfish, it really uses the strong encryption) and do not allow to use the weak encryption anymore (but allow to still read the weak method, but writing will use blowfish2). That has the disadvantage, that newly written files can't use the old weak encryption anymore and thus won't be able to be read by older Vims, but do we really want that?) Both methods should allow to be able to still use files, that have been encrypted with a vim version smaller than 7.4.399 In fact, if this is really a security issue, you might want to think about releasing a new Vim version 7.5 or at least have a new windows binary available. > We also still support the very old "zip" encryption, should we disable > writing with that now? Or discourage it, e.g. by prompting for > confirmation (would break scripts though). I would say, discourage it, by giving at least a warning (which could be made silent, if a user really wants that). In fact, I would probably disallow to set cm=zip manually (while still being able to read zip encrypted files). Best, Christian -- Im Idealen kommt alles auf die élans, im Realen auf die Beharrlichkeit an. -- Goethe, Maximen und Reflektionen, Nr. 701 -- -- You received this message from the "vim_dev" maillist. Do not top-post! Type your reply below the text you are replying to. For more information, visit http://www.vim.org/maillist.php --- You received this message because you are subscribed to the Google Groups "vim_dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
