9278c98eeb
You should not be using DES. You should not have been using DES for the past 30 years. The ed DES-CBC scheme lacked several desirable properties of a sealed document system, even ignoring DES itself. In particular, it did not provide the "integrity" cryptographic property (detection of tampering), and it treated ASCII passwords as 64-bit keys (instead of using a KDF like scrypt or PBKDF2). Some general approaches ed(1) users might consider to replace the removed DES mode: 1. Full disk encryption with something like AES-XTS. This is easy to conceptualize, design, and implement, and it provides confidentiality for data at rest. Like CBC, it lacks tampering protection. Examples include GELI, LUKS, FileVault2. 2. Encrypted overlay ("stackable") filesystems (EncFS, PEFS?, CryptoFS, others). 3. Native encryption at the filesystem layer. Ext4/F2FS, ZFS, APFS, and NTFS all have some flavor of this. 4. Storing your files unencrypted. It's not like DES was doing you much good. If you have DES-CBC scrambled files produced by ed(1) prior to this change, you may decrypt them with: openssl des-cbc -d -iv 0 -K <key in hex> -in <inputfile> -out <plaintext> Reviewed by: allanjude, bapt, emaste Sponsored by: Dell EMC Isilon Differential Revision: https://reviews.freebsd.org/D17829
12 lines
188 B
Makefile
12 lines
188 B
Makefile
# $FreeBSD$
|
|
|
|
.include <src.opts.mk>
|
|
|
|
PACKAGE=runtime
|
|
PROG= ed
|
|
SRCS= buf.c glbl.c io.c main.c re.c sub.c undo.c
|
|
LINKS= ${BINDIR}/ed ${BINDIR}/red
|
|
MLINKS= ed.1 red.1
|
|
|
|
.include <bsd.prog.mk>
|