On 25.09.16 16:24, Stefan Klein wrote: > Hi, > > I wonder how string the builtin encryption of vim really is. > The manpage states: "cryptmethod zip [ ... ] breakable [ ... ] a 6 > character key in one day (on a Pentium 133 PC)" > Guess today's computers will use seconds if not microseconds. > > But what about blowfish2? > > Was this ever reviewed? Are there any tools out there to crack it > (with weak keys) to get an idea how long it would take with a complex > key?
We discussed that on this list on 15.09.15, and the last post at: https://groups.google.com/forum/#!searchin/vim_use/VimCrypt$3A$20A$20small$20framework$20for$20encryption/vim_use/SjP-JQB6Tgo/RM8xhTG-AQAJ has a bit of a look at it. In short, blowfish2 is probably OK for encrypting small (wrt 4 GB) files, but switching to twofish would be prudent. > I wonder if it's safe to put a blowfish2 crypted password file on a > cloud drive, how long it would take for it to be cracked if someone > really tries to. Decrypting a small file is much harder. Use a strong key. Don't put any banking passwords in there. As it's not behind a firewall, switch to twofish for such exposure. ... I wouldn't put it out there. The simplest way to switch to twofish might be one of: $ apt-cache search twofish ... keepassx - Cross Platform Password Manager mcrypt - Replacement for old unix crypt(1) Erik (Who might just invoke mcrypt on vimming such a file, rather than relying on blowfish2, adequate though it ought to be on small files with strong keys.) -- -- You received this message from the "vim_use" maillist. Do not top-post! Type your reply below the text you are replying to. For more information, visit http://www.vim.org/maillist.php --- You received this message because you are subscribed to the Google Groups "vim_use" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
