I think the vim-crypt is secure and safe as is implemented; the only reason someone would want it removed is because they are unable to bruteforce crack it without a MAC to check if they succeeded.
On Tue, Feb 16, 2016 at 9:44 AM, Aaron Toponce <[email protected]> wrote: > When using cryptmethod=blowfish2, the saved ciphertext is not > authenticated with a message authentication code ("MAC tag"). Consider > saving "Lorem ipsum dolor sit amet, consectetur adipiscing elit." to a text > file, and getting the SHA-256 digest of the ciphertext: > > $ vim -x /tmp/lorem.txt > (Use "vim" as the passphrase) > $ sha256sum /tmp/lorem.txt > 510e57357353d511dac719bc238900456332ca0e4c00bcf12d244fdc66355f8e > /tmp/lorem.txt > > Now deliberately corrupt the file: > > $ dd seek=50 conv=notrunc bs=1 count=10 if=/dev/urandom of=/tmp/lorem.txt > 10+0 records in > 10+0 records out > 10 bytes copied, 0.000293754 s, 34.0 kB/s > > Notice the SHA-256 digest has changed. Open the file, and notice that the > plaintext has changed: > > $ sha256sum /tmp/lorem.txt > f17d3494643ed8bef5f0ba7fd67af6682f0332a0bccf52e9a2640604bec0b111 > /tmp/lorem.txt > $ vim -x /tmp/lorem.txt > (Use "vim" as the passphrase) > > I get "Lorem ipsum dolor sit £ÕH<8a>`7^T¸³#÷f;Qüצadipiscing elit." > returned. Your mileage may vary. > > If the ciphertext was authenticated with a cryptographically secure > hashing function (Skein > <https://en.wikipedia.org/wiki/Skein_%28hash_function%29> by Bruce > Schneier would be fitting, given the use of his Blowfish algorithm as the > symmetric cipher), and if the MAC tag was calculated on the ciphertext, > then when attempting to decrypt, if the MAC tag did not match the newly > calculated MAC tag, Vim should error out, rather than decrypting and > displaying the file. See the Wikipedia article on "Encrypt-then-MAC > <https://en.wikipedia.org/wiki/Authenticated_encryption#Encrypt-then-MAC_.28EtM.29> > ". > > Vim should use "Encrypt-then-MAC" authenticated encryption when using > cryptmethod. > > — > Reply to this email directly or view it on GitHub > <https://github.com/vim/vim/issues/638>. > > -- > -- > You received this message from the "vim_dev" maillist. > Do not top-post! Type your reply below the text you are replying to. > For more information, visit http://www.vim.org/maillist.php > > --- > You received this message because you are subscribed to the Google Groups > "vim_dev" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. > -- -- You received this message from the "vim_dev" maillist. Do not top-post! Type your reply below the text you are replying to. For more information, visit http://www.vim.org/maillist.php --- You received this message because you are subscribed to the Google Groups "vim_dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
