On Monday, February 15, 2016 at 10:19:46 PM UTC-6, Tony Arcieri wrote:
> I brought up a similar issue with neovim, suggesting crypto be removed: 
> neovim/neovim#694
> 
> 
> Using malleable, unauthenticated cryptography exposes you to a whole class of 
> attacks which modern authenticated ciphers prevent. You should really use the 
> latter.
> 

In communication over an untrusted network, sure. Absolutely.

But what sorts of attacks does this leave you vulnerable to for local storage on 
one computer where the "receiver" of the data is the same person as the 
"sender"? This isn't Alice, Bob, and Eve. This is Alice trying to protect a 
file from someone who comes along afterward and can't manipulate or learn about 
any of the encryption in real time.

If you're worried about someone being able to write files on the machine, then 
what about a script that creates a file in ~/.vim/plugin, which will install an 
autocmd to dump a plaintext copy of a buffer any time it sees that encryption 
is enabled after reading the file? That would be a much easier attack with much 
higher chances of success, and probably less chance of detection.

Or just get access to the memory of the Vim process somehow, since apparently 
you can run arbitrary processes on the system.

As Bram points out, Vim's encryption isn't trying to protect the integrity of 
data. Only its secrecy.

If I'm missing an attack vector here that compromises the ability to keep the 
plaintext secret, please enlighten me, and I'd be more than happy to see Vim's 
encryption go (or get fixed).

> 
> As to the threat model and specific attacks, we can try to talk about that, 
> but really most excuses I've seen people make about failing to move to 
> modern, authenticated ciphers have only led to additional attacks. See also 
> @moxie0's The Cryptographic Doom Principle:
> 
> 
> http://www.thoughtcrime.org/blog/the-cryptographic-doom-principle/
> 

This article seems to talk entirely about point-to-point protocols with an 
eavesdropper (with active attacks even, not just passive listening). That's 
nothing like what Vim is doing. And the attacks listed there rely on the MAC, 
which as you point out, Vim omits anyway. AND they are timing attacks, which if 
you have the capability to carry out on Vim's encryption, you could do much 
easier and more effective attacks anyway as I point out above.

-- 
-- 
You received this message from the "vim_dev" maillist.
Do not top-post! Type your reply below the text you are replying to.
For more information, visit http://www.vim.org/maillist.php

--- 
You received this message because you are subscribed to the Google Groups 
"vim_dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
For more options, visit https://groups.google.com/d/optout.
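The quoted reply calls unauthenticated cryptography "malleable". As an added illustration of that term, written for this thread and not taken from Vim, Neovim or either poster, the constructed Python below uses a toy XOR stream cipher (keystream from SHA-256 in counter mode) to show that a change to a ciphertext byte shows up as a predictable change in the decrypted plaintext, and that an encrypt-then-MAC tag (HMAC-SHA256) lets the decrypting side detect the modification and refuse the data instead. The key, nonce and sample plaintext `mode=ro` are constructed for repeatability; the toy cipher stands in for any stream or CTR-style cipher and is not Vim's cipher.

```python
import hashlib
import hmac

KEY = bytes(range(32))   # constructed fixed key so the demo is repeatable
NONCE = bytes(16)        # constructed; a real system uses a fresh random nonce
MESSAGE = b"mode=ro"     # constructed sample plaintext; byte 6 is the 'o' of "ro"


def keystream(key, nonce, length):
    """Toy keystream: SHA-256 over (key, nonce, block counter). Stands in for
    any XOR-style stream/CTR cipher; it is a constructed stand-in, not Vim's."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def xor_crypt(key, nonce, data):
    """Unauthenticated encryption/decryption: data XOR keystream, no tag."""
    ks = keystream(key, nonce, len(data))
    return bytes(d ^ k for d, k in zip(data, ks))


def patch_ciphertext(ciphertext, offset, old, new):
    """The malleability property: XORing (old ^ new) into ciphertext bytes
    changes the decrypted plaintext from `old` to `new` at that offset,
    without knowledge of the key. Same-length replacement only."""
    assert len(old) == len(new)
    buf = bytearray(ciphertext)
    for i, (o, n) in enumerate(zip(old, new)):
        buf[offset + i] ^= o ^ n
    return bytes(buf)


def mac_key(key):
    """Derive a separate MAC key so the cipher and MAC never share a key."""
    return hashlib.sha256(b"mac-key:" + key).digest()


def seal(key, nonce, plaintext):
    """Encrypt-then-MAC: tag covers nonce || ciphertext. Output nonce||ct||tag."""
    ct = xor_crypt(key, nonce, plaintext)
    tag = hmac.new(mac_key(key), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def open_sealed(key, blob):
    """Verify the tag first; return None on any mismatch, plaintext otherwise."""
    if len(blob) < 16 + 32:
        return None
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key(key), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None
    return xor_crypt(key, nonce, ct)


def unauthenticated_result():
    """Without a tag the modified ciphertext decrypts cleanly to 'mode=rw'."""
    ct = xor_crypt(KEY, NONCE, MESSAGE)
    altered = patch_ciphertext(ct, 6, b"o", b"w")
    return xor_crypt(KEY, NONCE, altered)


def authenticated_result():
    """With a tag the same modification is detected and nothing is returned."""
    blob = seal(KEY, NONCE, MESSAGE)
    altered = blob[:16] + patch_ciphertext(blob[16:-32], 6, b"o", b"w") + blob[-32:]
    return open_sealed(KEY, altered)


if __name__ == "__main__":
    print(unauthenticated_result())   # b'mode=rw'
    print(authenticated_result())     # None
```

The tag is checked with `hmac.compare_digest` before any decryption happens, which is the ordering the linked Doom Principle article argues for; whether that integrity guarantee matters for a file that only its own author reads back is exactly the threat-model question the two posters disagree on, and the example takes no position on it.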
