Posted Nov 13, 2011 20:55 UTC (Sun) by idupree (subscriber, #71169)
Specifically, only use vim encryption in vim >= 7.3 (upstream released it in Aug 2010, so e.g. Ubuntu 10.04 LTS definitely doesn't have it). Earlier versions of Vim use a cryptographically unsound encryption scheme; new versions use Blowfish. Also, you need to set the right Vim options to prevent information leaks; e.g.
set nobackup
set noswapfile
set nowritebackup
set viminfo=
I suspect noswapfile isn't needed if the announcement I just looked up is correct [1], but without set viminfo= I definitely got information leaks into ~/.viminfo, even though the tutorial Google found [2] fails to mention that. Has anyone thoroughly examined vim to give us a way to confidently use vim encryption securely?
But on the plus side, I predict this Vim feature will still be here in ten years, and I have no confidence that the popular GUI password-specific programs will be the same ones by then...
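
One way to audit files along the lines of the comment above, as an added example that is not part of the original post: it reads the header Vim writes at the start of an encrypted file to tell the pre-7.3 scheme from Blowfish, and lists the backup, swap and viminfo artifacts that the options above are meant to suppress. The function names are hypothetical, the swap and backup names assume Vim's default naming, and the viminfo match is a heuristic on the file name only.

```shell
#!/bin/sh
# Added example (not from the original comment). Function names are hypothetical.

# vimcrypt_method FILE: print the method implied by the 12-byte file header.
#   VimCrypt~01!  zip       (the pre-7.3 scheme)
#   VimCrypt~02!  blowfish  (Vim 7.3)
#   VimCrypt~03!  blowfish2 (added after this comment was written)
vimcrypt_method() {
    magic=$(dd if="$1" bs=12 count=1 2>/dev/null | tr -d '\0')
    case "$magic" in
        'VimCrypt~01!') echo zip ;;
        'VimCrypt~02!') echo blowfish ;;
        'VimCrypt~03!') echo blowfish2 ;;
        'VimCrypt~'*)   echo unknown-vimcrypt ;;
        *)              echo none ;;
    esac
}

# leak_artifacts FILE [VIMINFO]: print sibling files worth inspecting.
# Assumes default naming: NAME~ for backups, .NAME.sw? for swap files.
leak_artifacts() {
    dir=$(dirname -- "$1")
    base=$(basename -- "$1")
    viminfo=${2:-$HOME/.viminfo}
    for f in "$dir/$base~" "$dir/.$base".sw?; do
        if [ -e "$f" ]; then echo "$f"; fi
    done
    # Heuristic: a viminfo that names the file was written by a session that
    # touched it, so it may also hold registers or history from that session.
    if [ -f "$viminfo" ] && grep -qF -- "$base" "$viminfo"; then
        echo "$viminfo"
    fi
    return 0
}

# Usage: sh audit.sh FILE...
for f in "$@"; do
    echo "$f: $(vimcrypt_method "$f")"
    leak_artifacts "$f" | sed 's/^/  check: /'
done
```

A result of `zip` means the file was last written with the old scheme and should be re-saved with a Blowfish method; `none` means no VimCrypt header was found.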