Message 339736 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	serhiy.storchaka
Recipients	Jozef Cernak, alanmcintyre, serhiy.storchaka, twouters
Date	2019-04-09.12:06:00
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1554811560.95.0.881108023501.issue36573@roundup.psfhosted.org>
In-reply-to

Content
This is how the weak encryption in ZIP files work. In 255 cases from 256 the wrong password can be detected earlier (this make the encryption just weaker). But it 1 case of 256 this check is passed and you will get either an error of mismatched CRC, or the compressor specific error if use compression. There is even very small chance (1 of 2**32 or like) that you will silently get incorrectly decrypted data. It is better to not use the weak encryption in ZIP files. If you need to encrypt data safely, use third-party encryption libraries.

This is how the weak encryption in ZIP files work. In 255 cases from 256 the wrong password can be detected earlier (this make the encryption just weaker). But it 1 case of 256 this check is passed and you will get either an error of mismatched CRC, or the compressor specific error if use compression. There is even very small chance (1 of 2**32 or like) that you will silently get incorrectly decrypted data.

It is better to not use the weak encryption in ZIP files. If you need to encrypt data safely, use third-party encryption libraries.

History
Date	User	Action	Args
2019-04-09 12:06:00	serhiy.storchaka	set	recipients: + serhiy.storchaka, twouters, alanmcintyre, Jozef Cernak
2019-04-09 12:06:00	serhiy.storchaka	set	messageid: <1554811560.95.0.881108023501.issue36573@roundup.psfhosted.org>
2019-04-09 12:06:00	serhiy.storchaka	link	issue36573 messages
2019-04-09 12:06:00	serhiy.storchaka	create