1
0
mirror of https://git.FreeBSD.org/src.git synced 2024-12-22 11:17:19 +00:00
freebsd/bin/ed
Conrad Meyer d83db3fb6a Drop ed(1) "crypto"
You should not be using DES.  You should not have been using DES for the
past 30 years.

The ed DES-CBC scheme lacked several desirable properties of a sealed
document system, even ignoring DES itself.  In particular, it did not
provide the "integrity" cryptographic property (detection of tampering), and
it treated ASCII passwords as 64-bit keys (instead of using a KDF like
scrypt or PBKDF2).

Some general approaches ed(1) users might consider to replace the removed
DES mode:

1. Full disk encryption with something like AES-XTS.  This is easy to
conceptualize, design, and implement, and it provides confidentiality for
data at rest.  Like CBC, it lacks tampering protection.  Examples include
GELI, LUKS, FileVault2.

2. Encrypted overlay ("stackable") filesystems (EncFS, PEFS?, CryptoFS,
others).

3. Native encryption at the filesystem layer.  Ext4/F2FS, ZFS, APFS, and
NTFS all have some flavor of this.

4. Storing your files unencrypted.  It's not like DES was doing you much
good.

If you have DES-CBC scrambled files produced by ed(1) prior to this change,
you may decrypt them with:

  openssl des-cbc -d -iv 0 -K <key in hex> -in <inputfile> -out <plaintext>

Reviewed by:	allanjude, bapt, emaste
Sponsored by:	Dell EMC Isilon
Differential Revision:	https://reviews.freebsd.org/D17829
2018-11-04 17:56:16 +00:00
..
test
buf.c
ed.1 Drop ed(1) "crypto" 2018-11-04 17:56:16 +00:00
ed.h Drop ed(1) "crypto" 2018-11-04 17:56:16 +00:00
glbl.c
io.c Drop ed(1) "crypto" 2018-11-04 17:56:16 +00:00
main.c Drop ed(1) "crypto" 2018-11-04 17:56:16 +00:00
Makefile Drop ed(1) "crypto" 2018-11-04 17:56:16 +00:00
Makefile.depend
POSIX Drop ed(1) "crypto" 2018-11-04 17:56:16 +00:00
re.c
README Drop ed(1) "crypto" 2018-11-04 17:56:16 +00:00
sub.c
undo.c

$FreeBSD$

ed is an 8-bit-clean, POSIX-compliant line editor.  It should work with
any regular expression package that conforms to the POSIX interface
standard, such as GNU regex(3).

If reliable signals are supported (e.g., POSIX sigaction(2)), it should
compile with little trouble.  Otherwise, the macros SPL1() and SPL0()
should be redefined to disable interrupts.

The following compiler directives are recognized:
NO_REALLOC_NULL	- if realloc(3) does not accept a NULL pointer
BACKWARDS	- for backwards compatibility
NEED_INSQUE	- if insque(3) is missing

The file `POSIX' describes extensions to and deviations from the POSIX
standard.

The ./test directory contains regression tests for ed. The README
file in that directory explains how to run these.

For a description of the ed algorithm, see Kernighan and Plauger's book
"Software Tools in Pascal," Addison-Wesley, 1981.