Menu
Recently I decided to encrypt my engineering log using vim's :X encryption feature. I wrote down the password, but evidently I misspelled something or messed something up because decrypting the file just gives gibberish. To make matters worse, all my backups are somehow corrupted (don't ask, I am not sure how either).
I am not going to make excuses: I know I messed up. Right now I want to focus on how I can fix the mess I've made.
Here's what I've tried:
Use vimzipper to wrap the encrypted file in a zip so it can be cracked by standard zip crackers like fcrackzip, zipcracker, pkcrack, Advanced Zip Password Recovery, etc. Unfortunately this hasn't worked. I recovered a line of plaintext from the file using the leftover info from the registers in my VIMINFO, but I don't have the offset in the file for the recovered plaintext. Regardless, the zip cracking hasn't worked, even for a simple test file with a three-character vim password.
(see http://zeus.phys.uconn.edu/refs/crackers/vimzipper.c)
Recovery of the swapfile didn't work. When I re-opened the encrypted file with the bad password, vim overwrote the "good" swapfile.
Run unixcrypt-breaker with a large database of plaintext (~30 books from Project Gutenberg) as reference data. This results in gibberish, even if I only seed unixcrypt-breaker with the recovered plaintext. Additionally, I can't seem to break even a simple test file encrypted with vim using this method. (FYI, I am stripping the VimCrypt~01! magic header before I run the decryption and I strip it off using vim in PASTE mode so I don't otherwise alter the file's contents).
Desperately guess every password and misspelling I can imagine. I have spent at least six hours guessing what I could possibly have spelled wrong. :)
In order to rapidly try passwords from a program, I tried compiling an old UNIX copy of crypt/makekey, but the result of that is not the same as the same file being encrypted using vim's -x encryption and the same password.
If anyone can help, I'd hugely appreciate it. If not, thanks for reading. :)
361
You just have to enter an empty password twice. There will be no encryption. Show activity on this post. By canceling, you are ensured that the program will not do something unexpected with the prompted (empty) passwords.
Vim, the popular text editor comes with a built-in feature to encrypt files with a password. Vim uses algorithms like Blowfish to encrypt files. It is faster and convenient than some other utilities available to do so.
Vim uses a weak encryption method by default. Vim encrypts the file using an encryption method 'zip', the same encryption algorithm that is used by Pkzip (known to be flawed). You can set the default encryption to use the more secure 'blowfish' cipher.
It is not secure. David Leadbeater posted POC code to brute-force upto 64 bytes in an article titled, somewhat ironically, Vim blowfish encryption... or why you shouldn't roll your own crypto. The Vim documentation now recommends: - The implementation of 'cryptmethod' "blowfish" has a flaw.
From the VIM documentation:
If it was feasible on a Pentium 133, I think you have a very good chance. :)
I would either use #vim to ask for details on the algorithm or browse through the source code to figure out how the encryption is working and then write a cryptanalysis program.
119
Is it possible that you could have data corruption issues in addition to your encryption problems?
If I was going to brute force this, I think I would write an algorithm that would start to try all variations of the passwords I could have used before moving on to dictionary attacks. Yet, after hearing your story - I have this nagging feeling that you didn't forget your password, but rather there was a data corruption issue somewhere along the way that messed up your password/crypttext/cryptokey/whatever.
35
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
