用河豚加密文件的安全性如何？

我知道使用:set cryptmethod=zip是不是安全的，但如何安全使用:set cryptmethod=blowfish？

在维基百科上，我读到河豚密码本身应该是安全的，但这并没有说明Vim 实现它的安全性。

交换文件，备份文件，撤消文件以及其他绕过河豚加密的可能方式又如何呢？Vim在那儿有多安全？

这是不是安全的。David Leadbeater在一篇标题为Vim河豚加密...或者为什么不应该使用自己的加密货币的文章中发布了POC代码，将暴力破解高达64个字节。Vim文档现在建议：

- The implementation of 'cryptmethod' "blowfish" has a flaw.  It is possible
  to crack the first 64 bytes of a file and in some circumstances more of the
  file. Use of it is not recommended, but it's still the strongest method
  supported by Vim 7.3 and 7.4.  The "zip" method is even weaker.

而且，在更早的时候：

The text in the swap file and the undo file is also encrypted.  E843
However, this is done block-by-block and may reduce the time needed to crack a
password.  You can disable the swap file, but then a crash will cause you to
lose your work.  The undo file can be disabled without much disadvantage. 
        :set noundofile
        :noswapfile edit secrets

Note: The text in memory is not encrypted.  A system administrator may be able
to see your text while you are editing it.  When filtering text with
":!filter" or using ":w !command" the text is also not encrypted, this may
reveal it to others.  The 'viminfo' file is not encrypted.

摘要：

• 如果您关心安全性，则blowfish不应使用。使用blowfish2代替。
• 虽然swap和undo文件是加密的，但viminfo不是。

不请自来的建议：

• 如果您确实关心安全性，请不要进行自己的加密。这也意味着blowfish2实施。使用其他东西，例如GPG。该gnupg.vim插件可能是有用的。它似乎得以维持。它禁用viminfo和交换文件。