* fritzophrenic <[email protected]> [160825 20:34]:
Thanks, fritzophrenic, for a very well thought out and constructive
response to this thread. I, too, think Vim's crypto could use a
well-planned overhaul, and I fully agree with deprecating (after better
encryption is implemented) but not discarding the existing crypto. The
help file, especially under 'cryptmethod', should also give appropriate
warnings about the level of security given (or not given) by the various
methods.

<soapbox>

For the others in this thread, it bothers me when security enthusiasts
make arguments that boil down to "use strong encryption or no
encryption". Security is always a trade-off between usability and
keeping something safe, whether it is financial information or jewelry.

> I am not suggesting there is nothing to fix. I think Vim's crypto is too
> weak for it to be very useful for important data.
                                    ^^^^^^^^^

That is the salient point. What type of data do people use Vim to
secure, and why do they choose Vim over other cryptographic tools to do
it?

Vim's existing weak encryption is probably perfectly fine for keeping
your snooping neighbor from reading your love letters to your fiance,
but it would not be appropriate for a dissident under a hostile
dictatorial regime to use to hide information being sent to Amnesty
International.

Would the dissident choose Vim to do the cryptography? If it were me, I
wouldn't, even if Vim's encryption were believed to be strong; it is
simply not the right tool.

That is how I interpret Bram's responses to the repeated requests to
remove the existing encryption code due to its lack of strength. Vim's
encryption was never intended to replace tools whose purpose was to give
strong encryption; it was meant to give a simple-to-use encryption where
the potential damage resulting from cracking was low, as opposed to the
potential for cracking being low.

There was, in the recent past, a request on the Debian development ML to
remove all fingerprint reader code from Debian because biometric
identification is known to be weak security. While I believe the
requests on this list for the removal (immediate or not) of Vim's
existing crypto to be well intentioned, I also think they are as
over-zealous as the request for removal of all fingerprint reader code.

Match the level of security with the use-case, especially when using a
higher level has significant usability downsides. In this case,
removing the old crypto from Vim will negatively impact many existing
users who _do not require_ higher security.

</soapbox>

...Marvin