Anyone interested in the return of the x/X encryption commands?

From: John Cowan
Subject: Anyone interested in the return of the x/X encryption commands?
Date: Sun, 1 Aug 2021 13:21:20 -0400

As I mentioned earlier, the x (later X) command and the corresponding
option caused files to be decrypted when read and encrypted when written.
This feature existed in the 7th edition, where it depended on the very weak
encryption of crypt(1), but was not present before or since AFAICT.

The X command prompts for a passphrase and also (as an improvement over the
old version) prints the hash of the passphrase.  (Note that the hash salt
must be fixed, since it is not stored anywhere in the encrypted file: 'ed'
would be a suitable value.)  An empty passphrase disables the facility,
which is disabled at startup by default.  The -X command line option
simulates an X command at startup.

If there is interest, I am willing to restore this capability to GNU ed,
using SHA256 to hash the passphrase and ChaCha8 to encrypt the data.
Neither of these is known to be broken, and 2^256 ~ 10^77 attempts would be
required to brute-force them, which even at a billion attempts a second
would require many orders of magnitude longer than the present life of the
Universe.  There are non-certified and only lightly optimized public-domain
C implementations of both algorithms available.

I strongly prefer X and -X to x and -x, because they are harder to type;
it's easy to type an x command by accident or out of ex/vi habit, where it
means "write, if necessary, and quit".

I am willing to be argued out of this point, but I think if we are to
encourage long passphrases to be typed without error we should *not* turn
off echoing as the passphrase is entered.  It defends only against
shoulder-surfing, which is not that much of a threat today, unless you
use ed on your phone.

This would be fairly easy and fun to do, but I don't want to write and
submit a patch if there is no interest at all.  So let me know, fellow
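
The scheme described in the message, written out as an added example (it is not the author's patch and not GNU ed code): a SHA-256 key derivation with the fixed salt 'ed' and ChaCha with 8 rounds as the stream cipher. Assumptions: the way salt and passphrase are combined, the fingerprint construction, the random 12-byte nonce stored ahead of the ciphertext, and all function names.

```python
import hashlib
import os
import struct

SALT = b"ed"          # fixed salt value suggested in the message
MASK = 0xFFFFFFFF

def derive_key(passphrase: str) -> bytes:
    # Assumption: key = SHA-256(salt || passphrase).
    return hashlib.sha256(SALT + passphrase.encode()).digest()

def fingerprint(key: bytes) -> str:
    # Assumption: the value printed to the user is a truncated hash of the
    # key, so the key itself is never displayed.
    return hashlib.sha256(b"fingerprint" + key).hexdigest()[:16]

def _quarter(s, a, b, c, d):
    # ChaCha quarter round: four add / xor / rotate-left steps.
    for x, y, z, rot in ((a, b, d, 16), (c, d, b, 12), (a, b, d, 8), (c, d, b, 7)):
        s[x] = (s[x] + s[y]) & MASK
        v = s[z] ^ s[x]
        s[z] = ((v << rot) | (v >> (32 - rot))) & MASK

def chacha_block(key: bytes, counter: int, nonce: bytes, rounds: int = 8) -> bytes:
    # State: 4 constant words, 8 key words, block counter, 3 nonce words.
    init = list(struct.unpack("<12I", b"expand 32-byte k" + key))
    init += [counter] + list(struct.unpack("<3I", nonce))
    s = init[:]
    for _ in range(rounds // 2):          # one column + one diagonal round
        for a, b, c, d in ((0, 4, 8, 12), (1, 5, 9, 13), (2, 6, 10, 14), (3, 7, 11, 15),
                           (0, 5, 10, 15), (1, 6, 11, 12), (2, 7, 8, 13), (3, 4, 9, 14)):
            _quarter(s, a, b, c, d)
    return struct.pack("<16I", *((x + y) & MASK for x, y in zip(s, init)))

def crypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # XOR with the keystream; the same call encrypts and decrypts.
    out = bytearray()
    for i in range(0, len(data), 64):
        block = chacha_block(key, i // 64, nonce)
        out += bytes(p ^ k for p, k in zip(data[i:i + 64], block))
    return bytes(out)

def encrypt(passphrase: str, plaintext: bytes) -> bytes:
    nonce = os.urandom(12)   # assumption: fresh nonce per write, stored in the file
    return nonce + crypt(derive_key(passphrase), nonce, plaintext)

def decrypt(passphrase: str, blob: bytes) -> bytes:
    return crypt(derive_key(passphrase), blob[:12], blob[12:])
```

This construction has no integrity tag, so decrypting with the wrong passphrase returns garbage rather than an error; a printed fingerprint is one way for the user to notice a mistyped passphrase before writing.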
