On Wed, Jul 03, 2019 at 11:43:52PM +0200, Bram Moolenaar wrote:
[...]
> This requires finding a portable implementation that is "state of the
> art" and has a compatible license. The implementation must make sure
> that the encryption is not weakened by how the algorithm is used.

Doing modern passphrase-based encryption in a secure way is pretty easy. A simple and secure approach is to use the AES-256-CBC cipher on the actual data, using the SHA256 hash of the passphrase as the encryption key and the MD5 hash of the passphrase as the initialization vector (IV). Another option is to generate a random key and IV then encrypt that with 3DES and place it as a header on the ciphertext. People with a deeper understanding of math can chime in with analysis of the relative randomness and security of a SHA256 hash of a passphrase vs. the randomness of a locally generated key and security of 3DES. Either way, the user sees it as a passphrase being used to encrypt and decrypt.

As for compatible licenses, GnuTLS is LGPL and supports all three (SHA256, MD5, and AES-256-CBC). OpenSSL 3.0.0 and later is Apache v2 and supports all three. LibreSSL is under the same dual license as OpenSSL pre-3.0.0, both of which are BSD-like licenses (probably compatible?), and supports all three. Another one I don't know as well, but implements SSL/TLS so (almost) certainly implements both hashes and the cipher, is mbedTLS (Apache 2.0 or GPLv2). I'm not sure what the criteria are for "portable", but I believe all of those build on (and may even be provided by) every platform Vim supports.

--Greg

P.S. I'm not volunteering to do the development. My plate is full.

> Anyone interested?
>
> --
> You got to work at a mill? Lucky! I got sent back to work in the
> acid-mines for my daily crust of stale bread... which not even the
> birds would eat.
>
> /// Bram Moolenaar -- [email protected] -- http://www.Moolenaar.net \\\
> /// sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
> \\\ an exciting new programming language -- http://www.Zimbu.org ///
> \\\ help me help AIDS victims -- http://ICCF-Holland.org ///
>
> --
> --
> You received this message from the "vim_dev" maillist.
> Do not top-post! Type your reply below the text you are replying to.
> For more information, visit http://www.vim.org/maillist.php
>
> ---
> You received this message because you are subscribed to the Google Groups
> "vim_dev" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/vim_dev/201907032143.x63Lhqa9001188%40masaka.moolenaar.net.
> For more options, visit https://groups.google.com/d/optout.
>

--
To view this discussion on the web visit https://groups.google.com/d/msgid/vim_dev/20190703222254.GB2553%40anthropohedron.net.
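
Added example, not part of Greg's message and not Vim code: the key and IV derivation the message describes, beside a salted PBKDF2-HMAC-SHA256 derivation with a random per-file IV, to show which values repeat across files encrypted with one passphrase. The header layout, the `MAGIC` tag, the function names and the iteration count are assumptions of this example.

```python
import hashlib
import os
import struct

MAGIC = b"EXAMPLE1"      # hypothetical 8-byte header tag, not a Vim file format
ITERATIONS = 600_000     # assumed PBKDF2 work factor; tune for the target hardware


def derive_direct(passphrase):
    """Key and IV as the message describes: SHA-256 and MD5 of the passphrase."""
    raw = passphrase.encode("utf-8")
    return hashlib.sha256(raw).digest(), hashlib.md5(raw).digest()


def new_header(iterations=ITERATIONS):
    """Per-file header: fresh random 16-byte salt and 16-byte IV, neither secret."""
    return MAGIC + struct.pack(">I", iterations) + os.urandom(16) + os.urandom(16)


def derive_from_header(passphrase, header):
    """Recompute (key, iv) from the passphrase and a stored header."""
    if len(header) != 44 or header[:8] != MAGIC:
        raise ValueError("not a recognised header")
    (iterations,) = struct.unpack(">I", header[8:12])
    salt, iv = header[12:28], header[28:44]
    key = hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"),
                              salt, iterations, dklen=32)
    return key, iv


def compare(passphrase, iterations=ITERATIONS):
    """Derive parameters for two files under one passphrase, both ways."""
    direct = [derive_direct(passphrase) for _ in range(2)]
    headers = [new_header(iterations) for _ in range(2)]
    salted = [derive_from_header(passphrase, h) for h in headers]
    return {
        # Same key and IV for every file: in CBC, files that start with the
        # same bytes then start with the same ciphertext blocks.
        "direct_reuses_key_and_iv": direct[0] == direct[1],
        "salted_reuses_key": salted[0][0] == salted[1][0],
        "salted_reuses_iv": salted[0][1] == salted[1][1],
        # The reader gets the writer's key back from header + passphrase.
        "reader_recovers_key": derive_from_header(passphrase, headers[0]) == salted[0],
    }


if __name__ == "__main__":
    print(compare("correct horse battery staple"))
```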
