On Thursday, August 25, 2016 at 11:33:33 AM UTC-5, Aaron Toponce wrote: > Blowfish is a 64-bit cipher. Given the recent news with the Sweet 32 Birthday > Attack on 64-bit ciphers, this bug really should be reconsidered. Not only > for authenticating the ciphertext, but also completely dropping Blowfish, and > using a 128-bit block cipher like AES instead. > >
Sweet32 relies on reading a LOT of data using the same key. It's processing HUNDREDS OF GIGABYTES of data over the course of many hours of network traffic. If you're encrypting hundreds of gigabytes in Vim using the same key, you're using it wrong. Vim is not a full-disk encryption system, nor a network data encryption tool. Blowfish is still useful in Vim. I agree we should add a new cipher without a bunch of caveats, and this specific issue regarding the weakness of the derived key needs fixing, but Sweet32 has nothing to do with any real-world scenario where Vim would be used. -- -- You received this message from the "vim_dev" maillist. Do not top-post! Type your reply below the text you are replying to. For more information, visit http://www.vim.org/maillist.php --- You received this message because you are subscribed to the Google Groups "vim_dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
