diff options
author | Conrad Meyer <cem@FreeBSD.org> | 2018-11-04 17:56:16 +0000 |
---|---|---|
committer | Conrad Meyer <cem@FreeBSD.org> | 2018-11-04 17:56:16 +0000 |
commit | d83db3fb6a3c2ffeaafd5e688a2653f39a7be9d9 (patch) | |
tree | 8804013c87f78b80afb64fedd4f16724a5f8d36e /bin/ed/POSIX | |
parent | 5a453d5f5b8cff5a58b7c65df3822a2a6094f7b4 (diff) | |
download | src-d83db3fb6a3c2ffeaafd5e688a2653f39a7be9d9.tar.gz src-d83db3fb6a3c2ffeaafd5e688a2653f39a7be9d9.zip |
Drop ed(1) "crypto"
You should not be using DES. You should not have been using DES for the
past 30 years.
The ed DES-CBC scheme lacked several desirable properties of a sealed
document system, even ignoring DES itself. In particular, it did not
provide the "integrity" cryptographic property (detection of tampering), and
it treated ASCII passwords as 64-bit keys (instead of using a KDF like
scrypt or PBKDF2).
Some general approaches ed(1) users might consider to replace the removed
DES mode:
1. Full disk encryption with something like AES-XTS. This is easy to
conceptualize, design, and implement, and it provides confidentiality for
data at rest. Like CBC, it lacks tampering protection. Examples include
GELI, LUKS, FileVault2.
2. Encrypted overlay ("stackable") filesystems (EncFS, PEFS?, CryptoFS,
others).
3. Native encryption at the filesystem layer. Ext4/F2FS, ZFS, APFS, and
NTFS all have some flavor of this.
4. Storing your files unencrypted. It's not like DES was doing you much
good.
If you have DES-CBC scrambled files produced by ed(1) prior to this change,
you may decrypt them with:
openssl des-cbc -d -iv 0 -K <key in hex> -in <inputfile> -out <plaintext>
Reviewed by: allanjude, bapt, emaste
Sponsored by: Dell EMC Isilon
Differential Revision: https://reviews.freebsd.org/D17829
Notes
Notes:
svn path=/head/; revision=340132
Diffstat (limited to 'bin/ed/POSIX')
-rw-r--r-- | bin/ed/POSIX | 15 |
1 files changed, 3 insertions, 12 deletions
diff --git a/bin/ed/POSIX b/bin/ed/POSIX index dab1a2bc90f3..53d6b5328ca5 100644 --- a/bin/ed/POSIX +++ b/bin/ed/POSIX @@ -25,29 +25,20 @@ EXTENSIONS iv) `z' for scrolling through the buffer, and v) BSD line addressing syntax (i.e., `^' and `%') is recognized. -2) If crypt(3) is available, files can be read and written using DES - encryption. The `x' command prompts the user to enter a key used for - encrypting/ decrypting subsequent reads and writes. If only a newline - is entered as the key, then encryption is disabled. Otherwise, a key - is read in the same manner as a password entry. The key remains in - effect until encryption is disabled. For more information on the - encryption algorithm, see the bdes(1) man page. Encryption/decryption - should be fully compatible with SunOS des(1). - -3) The POSIX interactive global commands `G' and `V' are extended to +2) The POSIX interactive global commands `G' and `V' are extended to support multiple commands, including `a', `i' and `c'. The command format is the same as for the global commands `g' and `v', i.e., one command per line with each line, except for the last, ending in a backslash (\). -4) An extension to the POSIX file commands `E', `e', `r', `W' and `w' is +3) An extension to the POSIX file commands `E', `e', `r', `W' and `w' is that <file> arguments are processed for backslash escapes, i.e., any character preceded by a backslash is interpreted literally. If the first unescaped character of a <file> argument is a bang (!), then the rest of the line is interpreted as a shell command, and no escape processing is performed by ed. -5) For SunOS ed(1) compatibility, ed runs in restricted mode if invoked +4) For SunOS ed(1) compatibility, ed runs in restricted mode if invoked as red. This limits editing of files in the local directory only and prohibits shell commands. |