Ben Fritz wrote:

> On Saturday, March 19, 2016 at 1:43:30 PM UTC-5, Demetri Obenour wrote:
> > Argon2 is implemented in libsodium and is the winner of the Password
> > Hashing Competition. It is designed as a KDF.
> >
> > However, note that the rest of Vim's cryptmethod is also poorly
> > implemented. My suggestion is to use Argon2 as a KDF and either
> > XSalsa20-Poly1305 or XChaCha20-Poly1305 (with a strong, random nonce) for
> > authenticated encryption.
> >
> > libsodium provides high-level APIs for password hashing and authenticated
> > encryption and is my strong suggestion.
>
> My thoughts on this are:
> It's best to use a library. With a library we're going to get any
> security updates from people who presumably know what they're doing
> and spend time learning about exploits so they can address them in
> their code. Also researchers are actually likely to test an external
> library, but not Vim's internal code.
libsodium is currently at version 1.0.8. The version included with Ubuntu is 1.0.3 ...

> However it's useful to have *something* available on every system Vim
> supports, so I think something should be baked in, still. Also Vim
> needs to be able to read old files.

We could use configure to find a library and, when it's not available or is older, fall back to the built-in code.

> Speaking of defaults: I think Vim should default to the strongest
> method available. I additionally think Vim should warn on saving with
> a known broken format such as the original blowfish implementation, or
> the zip algorithm, or even blowfish2 without a decent KDF. Maybe even
> compile without the broken algorithms altogether unless the user
> specifically passes --include-bad-crypto to the configure script or
> something.

This has the danger of writing a file on one system, going on holiday and finding out you can't open it on your laptop (that actually happened to me). I think there should be some number of months between making a new method available and making it the default.

The original blowfish encryption is not broken, it's just weaker than it should be. It's still a lot stronger than zip.

> Bram, are you already working on any of this? I have been thinking
> about starting an implementation of some of the above but that's a lot
> of work I don't want going to waste if you have other ideas. Maybe
> hashing out a top-level interface and goals, then making a fork for
> more distributed development, would be a decent idea? I don't think
> any halfway implementations will be useful, especially since we'll
> probably need to grow a blowfish3 or other cryptmethod to use the new
> KDF (preferably in a forwards-compatible way to handle other new KDFs
> that may come along in the future).

No, several people have given their opinion but nobody has done actual work...

--
Laughing helps. It's like jogging on the inside.
/// Bram Moolenaar -- [email protected] -- http://www.Moolenaar.net \\\
/// sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
\\\ an exciting new programming language -- http://www.Zimbu.org ///
\\\ help me help AIDS victims -- http://ICCF-Holland.org ///

--
You received this message from the "vim_dev" maillist. Do not top-post! Type your reply below the text you are replying to. For more information, visit http://www.vim.org/maillist.php

You received this message because you are subscribed to the Google Groups "vim_dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
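The format and build behaviour the thread asks for, as an added example that is not Vim's own code and not part of the original thread: dispatch on Vim's existing "VimCrypt~NN!" file magic so old files stay readable (the 01/02/03 numbering for zip, blowfish and blowfish2 is Vim's, from :help encryption), warn before saving with a method the thread considers weak, fail cleanly on a header carrying a method number this build does not know (the "can't open it on my laptop" case, shown here with a hypothetical future method 04), and the configure-style version check Bram describes for preferring a library backend over the built-in code. The 1.0.8 minimum used in main(), the sample buffers and the warning strings are assumptions for the example; the strength labels follow the opinions in the thread, not a formal assessment.

```c
/* Added example for the vim_dev thread above, not Vim's own code: parse the
 * existing "VimCrypt~NN!" header (method numbers from :help encryption),
 * warn on weak methods, fail cleanly on an unknown method number, and do a
 * configure-style version comparison for choosing a library backend.
 * Strength labels follow the thread's opinions, not a formal assessment. */
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define VIMCRYPT_MAGIC   "VimCrypt~"
#define VIMCRYPT_HDR_LEN 12                  /* "VimCrypt~" + "NN" + "!" */

enum crypt_strength { CRYPT_NONE, CRYPT_BROKEN, CRYPT_WEAK, CRYPT_OK, CRYPT_UNKNOWN };

typedef struct {
    int number;                              /* NN from the header, -1 if none */
    const char *name;                        /* 'cryptmethod' option value */
    enum crypt_strength strength;
} crypt_method_t;

/* Methods this build knows (01..03 as of the thread). A future Argon2/AEAD
 * method would be appended as 04; a build lacking that row still parses the
 * header and reports it as unsupported rather than misreading the payload. */
static const crypt_method_t crypt_methods[] = {
    {1, "zip", CRYPT_BROKEN}, {2, "blowfish", CRYPT_WEAK}, {3, "blowfish2", CRYPT_OK},
};

/* Returns VIMCRYPT_HDR_LEN (the payload offset) if buf starts with a VimCrypt
 * header, else 0 (plain text, truncated or malformed header). An unknown
 * method number is still a valid header: *out gets CRYPT_UNKNOWN and the number. */
size_t crypt_parse_header(const unsigned char *buf, size_t len, crypt_method_t *out)
{
    size_t i;
    out->number = -1; out->name = NULL; out->strength = CRYPT_NONE;
    if (len < VIMCRYPT_HDR_LEN || memcmp(buf, VIMCRYPT_MAGIC, 9) != 0) return 0;
    if (!isdigit(buf[9]) || !isdigit(buf[10]) || buf[11] != '!') return 0;
    out->number = (buf[9] - '0') * 10 + (buf[10] - '0');
    for (i = 0; i < sizeof crypt_methods / sizeof crypt_methods[0]; i++)
        if (crypt_methods[i].number == out->number) { *out = crypt_methods[i]; return VIMCRYPT_HDR_LEN; }
    out->name = "unknown"; out->strength = CRYPT_UNKNOWN;
    return VIMCRYPT_HDR_LEN;
}

/* Warning to show before writing with this method, or NULL when none applies. */
const char *crypt_write_warning(const crypt_method_t *m)
{
    switch (m->strength) {
    case CRYPT_BROKEN:  return "cryptmethod is obsolete and weak, use blowfish2";
    case CRYPT_WEAK:    return "cryptmethod is weaker than it should be, use blowfish2";
    case CRYPT_UNKNOWN: return "cryptmethod not supported by this build";
    default:            return NULL;
    }
}

/* Wrappers over a NUL-terminated sample: method number (-1 if none) and strength. */
int header_method(const char *s)
{ crypt_method_t m; crypt_parse_header((const unsigned char *)s, strlen(s), &m); return m.number; }
int header_strength(const char *s)
{ crypt_method_t m; crypt_parse_header((const unsigned char *)s, strlen(s), &m); return (int)m.strength; }

/* One dotted-version component; skips suffixes such as "rc1". */
static long version_component(const char **p)
{
    long v = strtol(*p, (char **)p, 10);
    while (**p && **p != '.') (*p)++;
    if (**p == '.') (*p)++;
    return v;
}

/* Configure-style check: is the installed `have` at least `want`?
 * Numeric per component, so "1.0.10" >= "1.0.8" while "1.0.3" < "1.0.8". */
int version_at_least(const char *have, const char *want)
{
    while (*have || *want) {
        long h = version_component(&have), w = version_component(&want);
        if (h != w) return h > w;
    }
    return 1;
}

int main(void)
{
    /* Constructed inputs; bytes after the header are placeholders, not real payloads. */
    const char *samples[] = { "VimCrypt~03!blowfish2-payload", "VimCrypt~01!zip-payload",
                              "VimCrypt~04!from-a-newer-vim", "VimCrypt~0x!bad", "plain text" };
    size_t i;
    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        crypt_method_t m;
        size_t off = crypt_parse_header((const unsigned char *)samples[i], strlen(samples[i]), &m);
        const char *w = crypt_write_warning(&m);
        printf("%-30s offset=%zu method=%d %s\n", samples[i], off, m.number,
               w ? w : (m.number < 0 ? "not encrypted" : "ok"));
    }
    /* Assumed minimum 1.0.8 (the version current in the thread) vs Ubuntu's 1.0.3. */
    printf("Ubuntu's libsodium 1.0.3 usable: %d\n", version_at_least("1.0.3", "1.0.8"));
    return 0;
}
```

The point of keeping the method number in the header is that an old build never has to guess: it either knows the method or refuses with a clear message, which is the failure mode Bram's holiday story calls for, and a new KDF or cipher is a new number rather than a new file layout.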
