On Monday, March 21, 2016 at 11:00:31 AM UTC-5, Ben Fritz wrote:
> On Saturday, March 19, 2016 at 1:43:30 PM UTC-5, Demetri Obenour wrote:
> > Argon2 is implemented in libsodium and is the winner of the Password
> > Hashing Competition. It is designed as a KDF.
> >
> > However, note that the rest of Vim's cryptmethod is also poorly
> > implemented. My suggestion is to use Argon2 as a KDF and either
> > XSalsa20-Poly1305 or XChaCha20-Poly1305 (with a strong, random nonce) for
> > authenticated encryption.
> >
> > libsodium provides high-level APIs for password hashing and authenticated
> > encryption and is my strong suggestion.
>
> My thoughts on this are:
>
Oh, and I forgot one more:

While there *may* not be any exploitable weakness related to non-authenticated encryption *in Vim's case*, we can't prove it. And, if such an attack exists, Vim *will* be vulnerable. If we're already modifying the crypto code (and we should, because the KDF is way too weak) then we may as well throw in a MAC to prevent the *possibility* of a chosen-ciphertext attack. It shouldn't harm anything and it could potentially help a lot.

I say we re-open the issue that got created for non-authenticated encryption.

--
--
You received this message from the "vim_dev" maillist.
Do not top-post! Type your reply below the text you are replying to.
For more information, visit http://www.vim.org/maillist.php

---
You received this message because you are subscribed to the Google Groups "vim_dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
For more options, visit https://groups.google.com/d/optout.
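The malleability the message above worries about, and the MAC that closes it off, as an added example that is not part of this thread, of Vim's cryptmethod, or of libsodium. It follows the shape Demetri recommends (password -> memory-hard KDF -> key, then authenticated encryption) but uses Python standard-library stand-ins, which are assumptions of this example only: hashlib.scrypt in place of Argon2, an HMAC-SHA256 counter-mode keystream in place of XChaCha20 (any stream cipher is malleable in exactly the same way), and an HMAC-SHA256 tag in encrypt-then-MAC in place of Poly1305. The sample file contents, password and size parameters are constructed for the demo.

```python
import hashlib
import hmac
import os

# Stand-ins used here (assumptions for this example, not libsodium, not Vim):
#   hashlib.scrypt                 -> Argon2 (no Argon2 in the stdlib)
#   HMAC-SHA256(key, nonce||ctr)   -> XChaCha20 keystream (same malleability)
#   HMAC-SHA256 tag, encrypt-then-MAC -> Poly1305
SALT_LEN = 16
NONCE_LEN = 24   # XChaCha20's nonce size, large enough to pick at random
TAG_LEN = 32
HEADER_LEN = SALT_LEN + NONCE_LEN


def derive_keys(password, salt):
    """Memory-hard KDF; 64 bytes split into (encryption key, MAC key).
    scrypt parameters are kept small so the demo runs quickly."""
    km = hashlib.scrypt(password, salt=salt, n=2 ** 14, r=8, p=1, dklen=64)
    return km[:32], km[32:]


def keystream(key, nonce, length):
    """Toy stream-cipher keystream: HMAC-SHA256(key, nonce || counter) blocks."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "little"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt_unauthenticated(password, plaintext):
    """Stream cipher with no MAC: the weakness the thread is discussing."""
    salt, nonce = os.urandom(SALT_LEN), os.urandom(NONCE_LEN)
    enc_key, _ = derive_keys(password, salt)
    return salt + nonce + xor_bytes(plaintext, keystream(enc_key, nonce, len(plaintext)))


def decrypt_unauthenticated(password, blob):
    salt, nonce, ct = blob[:SALT_LEN], blob[SALT_LEN:HEADER_LEN], blob[HEADER_LEN:]
    enc_key, _ = derive_keys(password, salt)
    return xor_bytes(ct, keystream(enc_key, nonce, len(ct)))


def encrypt_authenticated(password, plaintext):
    """Encrypt-then-MAC: the tag covers salt, nonce and ciphertext."""
    salt, nonce = os.urandom(SALT_LEN), os.urandom(NONCE_LEN)
    enc_key, mac_key = derive_keys(password, salt)
    header = salt + nonce
    ct = xor_bytes(plaintext, keystream(enc_key, nonce, len(plaintext)))
    tag = hmac.new(mac_key, header + ct, hashlib.sha256).digest()
    return header + ct + tag


def decrypt_authenticated(password, blob):
    """Verify the tag (constant-time compare) before releasing any plaintext."""
    if len(blob) < HEADER_LEN + TAG_LEN:
        raise ValueError("truncated ciphertext")
    header, ct, tag = blob[:HEADER_LEN], blob[HEADER_LEN:-TAG_LEN], blob[-TAG_LEN:]
    salt, nonce = header[:SALT_LEN], header[SALT_LEN:]
    enc_key, mac_key = derive_keys(password, salt)
    expected = hmac.new(mac_key, header + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("authentication failed")
    return xor_bytes(ct, keystream(enc_key, nonce, len(ct)))


def rewrite_plaintext(blob, offset, old, new):
    """Attacker move, no password needed: XOR (old ^ new) into the ciphertext
    where a known plaintext substring sits, so it decrypts to `new` instead."""
    start = HEADER_LEN + offset
    patched = xor_bytes(blob[start:start + len(old)], xor_bytes(old, new))
    return blob[:start] + patched + blob[start + len(old):]


def demo(password=b"correct horse battery staple"):
    """Returns (what the tampered unauthenticated file decrypts to,
    whether the same tampering is rejected by the authenticated scheme)."""
    plaintext = b"transfer amount: 0100 USD to account 42\n"   # constructed sample
    offset = plaintext.index(b"0100")
    # 1. No MAC: the edit goes through and the owner reads a different amount.
    forged = decrypt_unauthenticated(
        password, rewrite_plaintext(encrypt_unauthenticated(password, plaintext), offset, b"0", b"9"))
    # 2. With a MAC: the same edit fails verification, nothing is decrypted.
    try:
        decrypt_authenticated(
            password, rewrite_plaintext(encrypt_authenticated(password, plaintext), offset, b"0", b"9"))
        rejected = False
    except ValueError:
        rejected = True
    return forged, rejected


if __name__ == "__main__":
    print(demo())
```

The attacker never learns the password or any key: flipping ciphertext bits flips the same plaintext bits, which is all a stream cipher without a MAC guarantees. The authenticated version rejects the file before any plaintext is produced; with libsodium the equivalent would be a single AEAD call, and the tag check there is likewise done before decryption.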
