removing the header from a gzip'd string
vasudevram
vasudevram at gmail.com
Fri Dec 22 13:16:09 EST 2006
Fredrik Lundh wrote:
> Gabriel Genellina wrote:
>
> > Using the default options ("deflate", default compression level, no
> > custom dictionary) will make those first two bytes 0x78 0x9c.
> >
> > If you want to encrypt a compressed text, you must remove redundant
> > information first.
>
> encryption? didn't the OP say that he *didn't* plan to decompress the
> resulting data stream?
>
> > Knowing part of the clear message is a security hole.
>
> well, knowing the algorithm used to convert from the original clear
> text to the text that's actually encrypted also gives an attacker
> plenty of clues (especially if the original is regular in some way,
> such as "always an XML file" or "always a record having this format").
> sounds to me like trying to address this potential hole by stripping
> off 16 bits from the payload won't really solve that problem...
>
> </F>
Yes, I'm also interested to know why the OP wants to remove the header.
Though I'm not an expert on the zip format, my understanding is that
most binary formats are not of much use in pieces (though some
composite formats might be, e.g. you might be able to meaningfully
extract a piece, such as an image embedded in a Word file). I somehow
don't think a compressed zip file would be of use in pieces (except
possibly for the header itself). But I could be wrong of course.
Vasudev Ram
http://www.dancingbison.com
More information about the Python-list
mailing list