On Friday, February 19, 2016 at 2:28:51 PM UTC-6, Thiago de Arruda wrote:
>
> If the encrypted file is stored in a shared server (or alternatives suggested
> by @atoponce: Dropbox, Google Drive, NFS, Samba shares) a sysadmin could
> brute force a weak password since Vim uses sha256 as KDF. Then it would
> simply be a matter of encrypting the desired code (e.g. an uncovered modeline
> bug) and replacing the real ciphertext with the fabricated one. When the user
> restores the backup on his own machine and decrypts the file, the code would
> execute since there's no MAC validation.
>
Except, if the nefarious admin has brute-forced the password to re-encrypt with desired modifications, then they'll just recalculate the MAC as well, right? So MAC wouldn't help for this attack. Better KDF for sure, though; we can't expect everyone to use 100+ bits of entropy in a password :-)
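The distinction drawn in the reply above, as an added example (not code from the thread or from Vim): when both the encryption key and the MAC key are derived from the password, the MAC detects modification by someone who lacks the password, but any holder of the password can produce a file that verifies, so only the KDF's cost per guess protects a weak password. The function names, the PBKDF2 iteration count and the SHA-256 counter-mode stand-in cipher are assumptions for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor; each password guess costs this many HMACs

def derive_keys(password: str, salt: bytes):
    """Stretch the password, then split the output into encryption and MAC keys."""
    okm = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS, dklen=64)
    return okm[:32], okm[32:]

def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Stand-in stream cipher (SHA-256 in counter mode), for illustration only.
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + nonce + (i // 32).to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def seal(password: str, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: salt || nonce || ciphertext || HMAC over all of it."""
    salt, nonce = os.urandom(16), os.urandom(16)
    enc_key, mac_key = derive_keys(password, salt)
    body = salt + nonce + _keystream_xor(enc_key, nonce, plaintext)
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()

def open_sealed(password: str, blob: bytes) -> bytes:
    """Verify the MAC before decrypting; reject anything that does not verify."""
    body, tag = blob[:-32], blob[-32:]
    salt, nonce, ct = body[:16], body[16:32], body[32:]
    enc_key, mac_key = derive_keys(password, salt)
    expected = hmac.new(mac_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("MAC check failed: wrong password or modified file")
    return _keystream_xor(enc_key, nonce, ct)

def flip_bit(blob: bytes, index: int) -> bytes:
    """Simulate modification of the stored file by someone without the password."""
    return blob[:index] + bytes([blob[index] ^ 1]) + blob[index + 1:]

if __name__ == "__main__":
    stored = seal("hunter2", b"constructed sample text\n")
    try:
        open_sealed("hunter2", flip_bit(stored, 32))
    except ValueError as err:
        print("modified without password ->", err)
    # A file sealed by anyone who knows the password verifies like the original.
    print(open_sealed("hunter2", seal("hunter2", b"replaced text\n")))
```
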
