Vim encryption: how to break it?

Tags: vim, vi, encryption

Recently I decided to encrypt my engineering log using vim's :X encryption feature. I wrote down the password, but evidently I misspelled something or messed something up because decrypting the file just gives gibberish. To make matters worse, all my backups are somehow corrupted (don't ask, I am not sure how either).

I am not going to make excuses: I know I messed up. Right now I want to focus on how I can fix the mess I've made.

Here's what I've tried:

  1. Use vimzipper to wrap the encrypted file in a zip so it can be cracked by standard zip crackers like fcrackzip, zipcracker, pkcrack, Advanced Zip Password Recovery, etc. Unfortunately this hasn't worked. I recovered a line of plaintext from the file using the leftover info from the registers in my VIMINFO, but I don't have the offset in the file for the recovered plaintext. Regardless, the zip cracking hasn't worked, even for a simple test file with a three-character vim password.

    (see http://zeus.phys.uconn.edu/refs/crackers/vimzipper.c)

  2. Recovery of the swapfile didn't work. When I re-opened the encrypted file with the bad password, vim overwrote the "good" swapfile.

  3. Run unixcrypt-breaker with a large database of plaintext (~30 books from Project Gutenberg) as reference data. This results in gibberish, even if I only seed unixcrypt-breaker with the recovered plaintext. Additionally, I can't seem to break even a simple test file encrypted with vim using this method. (FYI, I am stripping the VimCrypt~01! magic header before I run the decryption and I strip it off using vim in PASTE mode so I don't otherwise alter the file's contents).

  4. Desperately guess every password and misspelling I can imagine. I have spent at least six hours guessing what I could possibly have spelled wrong. :)

In order to rapidly try passwords from a program, I tried compiling an old UNIX copy of crypt/makekey, but the result of that is not the same as the same file being encrypted using vim's -x encryption and the same password.

If anyone can help, I'd hugely appreciate it. If not, thanks for reading. :)

Jurgen asked Feb 22 '09 21:02



2 Answers

From the VIM documentation:

  • The algorithm used is breakable. A 4 character key in about one hour, a 6 character key in one day (on a Pentium 133 PC). This requires that you know some text that must appear in the file. An expert can break it for any key. When the text has been decrypted, this also means that the key can be revealed, and other files encrypted with the same key can be decrypted.

If it was feasible on a Pentium 133, I think you have a very good chance. :)

I would either use #vim to ask for details on the algorithm or browse through the source code to figure out how the encryption is working and then write a cryptanalysis program.

ine answered Sep 23 '22 13:09
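As an added example (my code, not vim's source and not the poster's), here is a Python model of what the source code shows for vim's legacy cryptmethod=zip: the PKZIP traditional stream cipher, written out after the `VimCrypt~01!` header with no salt or IV where PKZIP would put its 12-byte random header. It illustrates the defender-side point behind the documented weakness: the initial state is fixed, so the keystream depends on the password alone, two files encrypted with the same password share a keystream up to the first byte where their plaintexts differ, and a wrong password is not detected, the output is simply gibberish. The password and journal lines are constructed.

```python
MAGIC = b"VimCrypt~01!"  # vim writes this, then ciphertext directly: no salt, no IV

# Standard reflected CRC-32 table, the same table vim's CRC32 macro indexes.
_CRC_TABLE = []
for _n in range(256):
    _c = _n
    for _ in range(8):
        _c = (_c >> 1) ^ 0xEDB88320 if _c & 1 else _c >> 1
    _CRC_TABLE.append(_c)

class VimZipCipher:
    """PKZIP traditional stream cipher as vim uses it (no 12-byte PKZIP header)."""
    def __init__(self, password: bytes):
        # Fixed initial keys: the password is the only input, so the same
        # password produces the same keystream for every file.
        self.k0, self.k1, self.k2 = 0x12345678, 0x23456789, 0x34567890
        for b in password:
            self._update(b)

    def _update(self, b: int) -> None:  # vim's UPDATE_KEYS_ZIP
        self.k0 = _CRC_TABLE[(self.k0 ^ b) & 0xFF] ^ (self.k0 >> 8)
        self.k1 = ((self.k1 + (self.k0 & 0xFF)) * 134775813 + 1) & 0xFFFFFFFF
        self.k2 = _CRC_TABLE[(self.k2 ^ (self.k1 >> 24)) & 0xFF] ^ (self.k2 >> 8)
    def _stream_byte(self) -> int:  # vim's DECRYPT_BYTE_ZIP
        t = (self.k2 & 0xFFFF) | 2
        return ((t * (t ^ 1)) >> 8) & 0xFF
    def encrypt(self, plaintext: bytes) -> bytes:
        out = bytearray()
        for p in plaintext:
            out.append(self._stream_byte() ^ p)
            self._update(p)  # key state is driven by the plaintext byte
        return bytes(out)
    def decrypt(self, ciphertext: bytes) -> bytes:
        out = bytearray()
        for c in ciphertext:
            p = self._stream_byte() ^ c
            self._update(p)  # a wrong key just yields gibberish; nothing detects it
            out.append(p)
        return bytes(out)

def decrypt_file(password: bytes, data: bytes) -> bytes:
    if not data.startswith(MAGIC):
        raise ValueError("not a VimCrypt~01! (cryptmethod=zip) file")
    return VimZipCipher(password).decrypt(data[len(MAGIC):])

def keystream(password: bytes, plaintext: bytes) -> bytes:
    # Bytes actually XORed in: identical across files for the same password
    # up to and including the first position where the plaintexts differ.
    ct = VimZipCipher(password).encrypt(plaintext)
    return bytes(c ^ p for c, p in zip(ct, plaintext))
```

Current vim offers 'cryptmethod' blowfish2 instead, which does not have this structure.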


Is it possible that you could have data corruption issues in addition to your encryption problems?

If I were going to brute force this, I think I would write an algorithm that would start to try all variations of the passwords I could have used before moving on to dictionary attacks. Yet, after hearing your story, I have this nagging feeling that you didn't forget your password, but rather there was a data corruption issue somewhere along the way that messed up your password/crypttext/cryptokey/whatever.

Elijah answered Sep 25 '22 13:09