All the misquoted theory below seems to be at odds with practice. I can't but speculate why someone would want to remove something except ...
On 2/19/16, Scott <[email protected]> wrote:
>> And the attacks listed there rely on the MAC, which as you point out, Vim
>> omits anyway. AND they are timing attacks, which if you have the
>> capability to carry out on Vim's encryption, you could do much easier and
>> more effective attacks anyway as I point out above.
>
> The set of attacks that apply against "we fucked up our protocol and shipped
> something other than Encrypt-Then-MAC" is much, much smaller than the set of
> attacks that apply against "we don't authenticate at all".
>
> The most trivial example of an attack against unauthenticated encryption was
> Serge Vaudenay's CBC padding oracle attack against CBC mode (which is similar
> to CFB mode).
>
>> `[everything @tarcieri said]`
>
> 100% agreement. Encryption for the sake of encryption is a bad model. It
> should have a defined purpose within an explicitly defined threat model in
> terms of how real users would use the system.
>
> Vim would be much better off migrating away from this model and encouraging
> Full Disk Encryption instead, i.e. dm_crypt.
>
> ---
> Reply to this email directly or view it on GitHub:
> https://github.com/vim/vim/issues/638#issuecomment-186083765
>
> --
> --
> You received this message from the "vim_dev" maillist.
> Do not top-post! Type your reply below the text you are replying to.
> For more information, visit http://www.vim.org/maillist.php
>
> ---
> You received this message because you are subscribed to the Google Groups
> "vim_dev" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> For more options, visit https://groups.google.com/d/optout.
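To make the quoted point about unauthenticated encryption concrete, here is an added example (not from the thread and not Vim's code): a CFB construction in which a one-bit ciphertext change decrypts without any error, next to an Encrypt-then-MAC wrapper that rejects the same change. The HMAC-based block function, the function names and the separate MAC key are assumptions chosen so the sketch runs with the Python standard library only.

```python
import hashlib
import hmac
import secrets

BLOCK = 16  # bytes per CFB segment

def _prf(key: bytes, block: bytes) -> bytes:
    # Assumption: truncated HMAC-SHA256 stands in for the block cipher.
    # CFB only ever uses the cipher's forward direction, so a PRF suffices here.
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def cfb_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    out, prev = b"", iv
    for i in range(0, len(plaintext), BLOCK):
        prev = _xor(plaintext[i:i + BLOCK], _prf(key, prev))
        out += prev
    return out

def cfb_decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    out, prev = b"", iv
    for i in range(0, len(ciphertext), BLOCK):
        chunk = ciphertext[i:i + BLOCK]
        out += _xor(chunk, _prf(key, prev))
        prev = chunk
    return out

def seal(enc_key: bytes, mac_key: bytes, plaintext: bytes) -> bytes:
    # Encrypt-then-MAC: the tag covers the IV and the ciphertext.
    iv = secrets.token_bytes(BLOCK)
    ct = cfb_encrypt(enc_key, iv, plaintext)
    return iv + ct + hmac.new(mac_key, iv + ct, hashlib.sha256).digest()

def open_sealed(enc_key: bytes, mac_key: bytes, blob: bytes) -> bytes:
    iv, ct, tag = blob[:BLOCK], blob[BLOCK:-32], blob[-32:]
    expected = hmac.new(mac_key, iv + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: ciphertext was modified")
    return cfb_decrypt(enc_key, iv, ct)

def flip_bit(data: bytes, index: int, mask: int = 0x01) -> bytes:
    # Simulates storage or transit corruption of a single ciphertext bit.
    tampered = bytearray(data)
    tampered[index] ^= mask
    return bytes(tampered)
```

With the bare CFB functions, flipping the low bit of the last ciphertext byte of a constructed plaintext such as `retention_days=7` yields `retention_days=6` on decryption; `open_sealed` raises on the same modification before any plaintext is produced.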
