Message 125896 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	pitrou
Recipients	Kira.Erethon, eric.smith, pitrou
Date	2011-01-10.11:34:38
SpamBayes Score	0.00056387216
Marked as misclassified	No
Message-id	<1294659281.26.0.767846416996.issue10876@psf.upfronthosting.co.za>
In-reply-to

Content
Well, the password-checking scheme uses a one-byte check against the zip header for consistency. So there is a (near) 1/256 chance of false positives, that is of bad passwords mistakenly detected as good; then the ZipFile class proceeds with unarchiving and that's where things fail (because the "decrypted" stream is really junk). Therefore, I'd call it not a bug. If you want to crack a password, you need to trap this exception and interpret it as "bad password".

Well, the password-checking scheme uses a one-byte check against the zip header for consistency. 
So there is a (near) 1/256 chance of false positives, that is of bad passwords mistakenly detected as good; then the ZipFile class proceeds with unarchiving and that's where things fail (because the "decrypted" stream is really junk).

Therefore, I'd call it not a bug. If you want to crack a password, you need to trap this exception and interpret it as "bad password".

History
Date	User	Action	Args
2011-01-10 11:34:41	pitrou	set	recipients: + pitrou, eric.smith, Kira.Erethon
2011-01-10 11:34:41	pitrou	set	messageid: <1294659281.26.0.767846416996.issue10876@psf.upfronthosting.co.za>
2011-01-10 11:34:38	pitrou	link	issue10876 messages
2011-01-10 11:34:38	pitrou	create