Came across this warning editing an old file with vim 8.0.707
Seems I had missed that the original vim “blowfish” crypto method had an initialization vector bug meaning that whilst “blowfish” is a fine method you need to use “blowfish2” to avoid the vim specific implementation issue.
However to confuse things further “vim” produces the same warning if you edit a file with a strong crypto method if the default crypto method that would have been used is a weak method (e.g. is it would have used pkzip or blowfish) and you include a “-x” on the command line. It also prompts for the key twice if you include the “-x” but it does preserve the current crypto method on the file. Thus you see the warning even if only strong crypto is in use if you specify “-x“.
So I learnt…
You really need the single quotes when doing the help command 😉
Add a line reading “set cm=blowfish2” to ~/.vimrc
Add it to the system wide vimrc if others are likely to use vim encryption.
Know that the crypto method “blowfish2” shows at the start of a file as “VimCrypt-03!”
$ strings well-encrypted-file.txt | head -1
Don’t use “-x” except for when you create an encrypted file.
Consider not using vim encryption. The history of vim encryption is not great, but I tend to the view that the built-in encryption at least offers the editor a chance to understand about issues like backup and paging and do the right thing. Some plugins allow editing of files using gnupg transparently, but have to set a bunch of options to avoid leaking the content by accident. Gnupg may be a better crypto implementation but it is unclear if second guessing the editor is the safest approach to using it.