[nknighthb]

The editor doesn't have to do crypto itself to know it's dealing with sensitive content. A somewhat overblown concern in the age of encrypted swap, anyway.

Cleartext doesn't have to be saved to disk for a separate tool to be used. You can pretty much use GPG from vim as-is just by piping the buffer through it: ":%!gpg -e -a -r yourself" and ":%!gpg -d". The vim GPG plugins can take care of the remaining annoyances.

[agwa]

It's not just swap (I don't think encrypted swap is that common anyways) but also the viminfo and swp files.

The UX for vim's encryption is really good - it's convenient and easy to use. Any replacement would need to be equally easy and well-integrated. If you require users to do manual steps, like type commands or remember to tell vim that it's editing sensitive content, then mistakes will be made that harm security. If the plugin interface can provide a sufficient level of integration, that's great and would be a good alternative to building crypto into vim itself.

[nknighthb]

Every OS has supported encrypted swap for some time now. It's the default on Macs since Mountain Lion and either the default or a checkbox away on popular Linux distributions. It's a single terminal command in Windows, and encryption of everything is default in Windows 8.1 with a TPM 2.0 module.

They all support general disk/filesystem encryption, too. If you're technically minded enough to be using vim and trying to encrypt files with it, and you're not using an encrypted filesystem to start with, you're pretty nuts.

The core UX for gnupg.vim is open .gpg/.pgp/.asc file, be automatically prompted for passphrase (unless file is new), edit file, save (be prompted for recipients if new). Done.

You're obviously going to have to complain to the vim maintainers about sensitive content. There's been a patch floating around for over a decade to get vim to support mlock. Its blowfish encryption is certainly no safer than gnupg.vim in that regard. gnupg.vim does turn off the viminfo/swapfile/undofile functionality.

[agwa]

> The core UX for gnupg.vim is open .gpg/.pgp/.asc file, be automatically prompted for passphrase (unless file is new), edit file, save (be prompted for recipients if new). Done.

> gnupg.vim does turn off the viminfo/swapfile/undofile functionality.

Thanks. That is excellent UX and knowing that I can agree it's what people should use instead of the built-in encryption.

[sigzero]

Exactly why I love that it is baked into Vim.

[agwa]

Just make sure you're using the latest version and set cryptmethod=blowfish2!

Edit: Actually just use gnupg.vim - as nknighthb has explained the UX is just as good as vim's builtin encryption, and then you don't have to worry that this whole thread about vim's builtin encryption was predicated with "...if implemented properly...", which you certainly can't take for granted.

[nknighthb]

And then reflect on the fact that you're still using a joke of a "KDF". SHA256 1001 times? Really? (And it doesn't even so much as have provision for upping the number of iterations!)

Like TFA says, don't roll your own crypto. GnuPG exists for a reason.

[bascule]

Not to mention that a large set of keys are known to be reflectively weak under Blowfish:

http://iacr.org/archive/fse2007/45930168/45930168.pdf

And of course there's ciphertext malleability attacks as it's not using authenticated encryption