Last week I suggested that application-specific encryption can solve some data confidentiality problems better than a sweeping approach like whole-disk encryption. One thing you learn in Learning Tree’s Linux introduction course, or the Linux server administration course that follows it, or the optimization and troubleshooting course or another follow-up, is that you are never done learning more skills with some of the more complex commands like the vim
editor!
vim
The safest way to do this is to add the following to your ~/.vimrc
file:
set cm=blowfish2 set viminfo= set nobackup set nowritebackup
The first line sets the “cryptmethod” to blowfish2
. This uses the Blowfish cipher in an improved mode. If you set this to simply blowfish
without the “2”, it does use the Blowfish cipher, but in a strangely weakened mode.
The second line suppresses the use of a ~/.viminfo
file. That file can be handy, as it remembers where you were within each file, your recent searches, and other recent details, but therein lies the danger! The third and fourth lines suppress similarly dangerous use of backup files.
You use encryption by pressing :X
within a vim
session. You will be asked for a pass phrase (twice), and from now on that file will be saved in encrypted mode. You will see [blowfish2]
on the status line at bottom when you write out the file. A salt is used, so each subsequent encryption of the same cleartext with the same pass phrase generates different ciphertext.
The next time you try to open the file, you will be asked for the pass phrase. Anything other than the correct pass phrase puts you into a buffer of ciphertext gibberish.
We need vim
version 7.3 or later to support the weaker blowfish
, and version 7.4.399 or later for blowfish2
.
I became enthused about this after some experimentation on my laptop where I run OpenBSD, a UNIX-family operating system designed for security. OpenBSD includes vim
version 7.4.769.
Unfortunately, many otherwise current Linux distributions do not include recent enough vim
to support the blowfish2
method! RHEL and CentOS 7, for example, come with vim
version 7.4.160.
The weaker blowfish
isn’t so weak as to run the cipher in ECB or Electronic Codebook Mode, but it’s close. A very short explanation here says that blowfish2
uses CFB or Cipher Feedback Mode on 64-bit blocks.
Let’s test this!
I created a file with one long line of 511 “o” characters, and vim
will put a newline at the end. I made two copies, testfile-blowfish
and testfile-blowfish2
. Then I encrypt each file with vim
in the corresponding mode.
Here’s the better version. Even though the cleartext is constant, the ciphertext looks random. This is what we want:
$ file testfile-blowfish2 testfile-blowfish2: Vim encrypted file data $ hexdump -C testfile-blowfish2 | head 00000000 56 69 6d 43 72 79 70 74 7e 30 33 21 d8 fa 79 1b |VimCrypt~03!..y.| 00000010 5c 7a f6 42 1a 13 44 56 96 da 1c 78 ce da bc 60 |\z.B..DV...x...`| 00000020 7c cf 67 2f 6d 12 bb ce 56 4d 05 27 a5 dc 96 a2 ||.g/m...VM.'....| 00000030 c7 09 6b 38 d9 48 b3 2a e3 ab a2 0e 6d ac 32 7a |..k8.H.*....m.2z| 00000040 fb 6d 5f ba 46 f1 fb 2d 84 d9 28 69 f9 1a 0d b6 |.m_.F..-..(i....| 00000050 52 04 2f 9b 55 f7 e6 10 9c d2 9c 8b 3a 7f 81 24 |R./.U.......:..$| 00000060 83 c2 65 20 cf 47 19 af 4a d9 67 34 92 82 9a b5 |..e .G..J.g4....| 00000070 7b a7 34 54 de 6a 7f 64 bc d8 35 55 b6 0f c2 5f |{.4T.j.d..5U..._| 00000080 7c 44 38 13 03 cf da 74 96 89 f1 03 d9 87 f6 57 ||D8....t.......W| 00000090 6b a5 d7 3d 07 60 4f 4d 12 28 23 fd 01 b7 77 2e |k..=.`OM.(#...w.|
Unfortunately, when I copy that to the latest RHEL/CentOS, their older vim
reports that the file is encrypted with an unknown method.
Here’s the weaker version. There is a 12 byte header and then repeating patterns appear in the ciphertext — 8 repeats each of 8-byte patterns. Information is leaking through!
$ file testfile-blowfish testfile-blowfish: Vim encrypted file data $ hexdump -C testfile-blowfish 00000000 56 69 6d 43 72 79 70 74 7e 30 32 21 b1 79 66 42 |VimCrypt~02!.yfB| 00000010 54 f5 3d e0 7f af 09 70 cb 9e e2 a9 e9 91 5e 4c |T.=....p......^L| 00000020 24 04 3f 10 e9 91 5e 4c 24 04 3f 10 e9 91 5e 4c |$.?...^L$.?...^L| * 00000050 24 04 3f 10 e9 91 5e 4c 24 04 3f 10 6f 86 fb 2c |$.?...^L$.?.o..,| 00000060 cb f7 d7 da 6f 86 fb 2c cb f7 d7 da 6f 86 fb 2c |....o..,....o..,| * 00000090 cb f7 d7 da 6f 86 fb 2c cb f7 d7 da 44 fc 47 01 |....o..,....D.G.| 000000a0 04 08 33 96 44 fc 47 01 04 08 33 96 44 fc 47 01 |..3.D.G...3.D.G.| * 000000d0 04 08 33 96 44 fc 47 01 04 08 33 96 e8 eb d9 d0 |..3.D.G...3.....| 000000e0 0b 02 f4 0e e8 eb d9 d0 0b 02 f4 0e e8 eb d9 d0 |................| * 00000110 0b 02 f4 0e e8 eb d9 d0 0b 02 f4 0e 83 5d 22 ea |.............]".| 00000120 4d 99 d7 ee 83 5d 22 ea 4d 99 d7 ee 83 5d 22 ea |M....]".M....]".| * 00000150 4d 99 d7 ee 83 5d 22 ea 4d 99 d7 ee c3 06 fd 96 |M....]".M.......|
For now, the weaker blowfish
method is strong enough for some applications, and I’ll use it in the interest of portability. But I will keep watching the major Linux distributions to see when their vim
catches up!