mirror of
https://git.FreeBSD.org/src.git
synced 2024-12-22 11:17:19 +00:00
d83db3fb6a
You should not be using DES. You should not have been using DES for the past 30 years. The ed DES-CBC scheme lacked several desirable properties of a sealed document system, even ignoring DES itself. In particular, it did not provide the "integrity" cryptographic property (detection of tampering), and it treated ASCII passwords as 64-bit keys (instead of using a KDF like scrypt or PBKDF2). Some general approaches ed(1) users might consider to replace the removed DES mode: 1. Full disk encryption with something like AES-XTS. This is easy to conceptualize, design, and implement, and it provides confidentiality for data at rest. Like CBC, it lacks tampering protection. Examples include GELI, LUKS, FileVault2. 2. Encrypted overlay ("stackable") filesystems (EncFS, PEFS?, CryptoFS, others). 3. Native encryption at the filesystem layer. Ext4/F2FS, ZFS, APFS, and NTFS all have some flavor of this. 4. Storing your files unencrypted. It's not like DES was doing you much good. If you have DES-CBC scrambled files produced by ed(1) prior to this change, you may decrypt them with: openssl des-cbc -d -iv 0 -K <key in hex> -in <inputfile> -out <plaintext> Reviewed by: allanjude, bapt, emaste Sponsored by: Dell EMC Isilon Differential Revision: https://reviews.freebsd.org/D17829 |
||
---|---|---|
.. | ||
test | ||
buf.c | ||
ed.1 | ||
ed.h | ||
glbl.c | ||
io.c | ||
main.c | ||
Makefile | ||
Makefile.depend | ||
POSIX | ||
re.c | ||
README | ||
sub.c | ||
undo.c |
$FreeBSD$ ed is an 8-bit-clean, POSIX-compliant line editor. It should work with any regular expression package that conforms to the POSIX interface standard, such as GNU regex(3). If reliable signals are supported (e.g., POSIX sigaction(2)), it should compile with little trouble. Otherwise, the macros SPL1() and SPL0() should be redefined to disable interrupts. The following compiler directives are recognized: NO_REALLOC_NULL - if realloc(3) does not accept a NULL pointer BACKWARDS - for backwards compatibility NEED_INSQUE - if insque(3) is missing The file `POSIX' describes extensions to and deviations from the POSIX standard. The ./test directory contains regression tests for ed. The README file in that directory explains how to run these. For a description of the ed algorithm, see Kernighan and Plauger's book "Software Tools in Pascal," Addison-Wesley, 1981.