[kwlug-disc] encrypted files with vim

Hubert Chathi hubert at uhoreg.ca
Wed Sep 7 11:17:59 EDT 2022 

On Mon, 5 Sep 2022 21:08:56 -0400, Chris Frey <cdfrey at foursquare.net> said:

> On Mon, Sep 05, 2022 at 07:20:39PM -0400, Steve Izma wrote:
>> I've seen some controversy about the strengths of the encryption
>> methods, but I don't understand enough of the details to know how
>> much to worry. I assume that it's generally the case that the longer
>> the passphrase the better, probably minimally 12 to 15 characters?
>> More? Does that apply here?

> The behaviour matches what I've done manually with openssl command
> lines.  Only it's a lot easier with vim.  With openssl, if I got the
> passphrase wrong, it gave me garbage as well.

> So I assume the passphrase is manipulated until it has a suitable key
> of X bit length, to feed into the cypher.  I would assume that longer
> is better indeed.  Reading the openssl manpage, options like -md and
> others suggest that the passphrase is turned into a sha-256 sum, and
> that is used as the initial key to the cypher.  I'd be surprised if
> vim worked much differently.

The issue isn't so much about the bit length, but about the amount of
entropy (randomness).  An attacker won't try to guess the cipher key
directly; they'll try to guess your password and then derive the key
from that, which, unless your password has more than about 20 characters
to give you the 128 bits of entropy[1] that the weakest form of AES
uses, will be a much smaller search space, and much easier to do if it
just uses something like SHA-256 to derive the key.

The common way to counter that is to use a key stretching algorithm[2]
so that it takes longer to derive the cipher key from the passphrase.
The extra time that it takes is generally not noticeable to normal
users, but it will significantly increase the time taken for an attacker
who is trying many different passwords.  This means that you don't need
to have a full 128 bits (or whatever you need for your desired level of
security) of entropy in your password, but you can get away with
something less (depending on the parameters that you're using for the
key stretching).

I don't know if openssl does key stretching, and I find the openssl
documentation confusing.

[1] see the table at the bottom of
https://en.wikipedia.org/wiki/Password_strength#Random_passwords
[2] https://en.wikipedia.org/wiki/Key_stretching

More information about the kwlug-disc mailing list