On Thu, Mar 24, 2016 at 10:54 AM, Benjamin Fritz <fritzophre...@gmail.com> wrote:
> > > On Thu, Mar 24, 2016 at 6:08 AM, Bram Moolenaar <b...@moolenaar.net> > wrote: > > > > > > Ben Fritz wrote: > > > > > On Wed, Mar 23, 2016 at 4:58 PM, Bram Moolenaar <b...@moolenaar.net> > wrote: > > > > The original blowfish encryption is not broken, it's just weaker > than it > > > > should be. It's still a lot stronger than zip. > > > > > > Is it? This page makes it sound like "blowfish" was pretty much > completely > > > broken if you knew any of the plaintext: > https://dgl.cx/2014/10/vim-blowfish > > > > Your definition of broken is wrong. Broken means it doesn't work at > > all. e.g., Vim crashes when using it, or when decrypting you can't get > > back the original text. When do you call a car broken? When you can't > > drive. Not when you can't open the window. > > > > I call something "broken" when it cannot serve its intended purpose. > Cryptography's purpose is to keep data secret. > The purpose of *Vim*'s cryptography, as Bram is trying to stress and nobody seems to ever internalize, is to keep data secret from neighbors and family members, i.e., people not sophisticated enough or motivated enough to e.g., realize that it's VimCrypt, find that webpage, know what a perl script is, know how to apply it, etc. It is pretty clearly implied in ":h encrypt" that the purpose of Vim's encryption is not to keep data secret from people who even partly know what they're doing. For this purpose, it works. But really: it shouldn't be Vim's job to encrypt files on disk anymore than it's Vim's job to do compression and decompression. There are plugins to use GPG transparently like there are for compressing and decompressing transparently. -Manny -- -- You received this message from the "vim_dev" maillist. Do not top-post! Type your reply below the text you are replying to. For more information, visit http://www.vim.org/maillist.php --- You received this message because you are subscribed to the Google Groups "vim_dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to vim_dev+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.