[issue34546] Add encryption support to zipfile
大野隆弘
report at bugs.python.org
Fri Aug 31 20:33:49 EDT 2018
大野隆弘 <oono0114 at gmail.com> added the comment:
Agree, we should not enhance weak encryption to the world.
But unfortunately, MS Windows supports only this type of encryption as far as I researched.
https://blogs.msdn.microsoft.com/oldnewthing/20180515-00/?p=98755
That is the my first motivation of Traditional PKWARE encryption(a.k.a ZipCrypto/Standard Zip 2.0 encryption) support.
If this big platform supports AES, we don't have any reason to support. But unfortunately not.
On the other hand, encryption algorithm compromising happens forever.
I believe python developers must have ability to make decision of suitable algorithm because "We are all (consenting) adults here".(I love this phrase)
Also implementing other algo (including AES) support must affect to decryption of zipfile module.
As we can imagine it should be big task and should be divided.
These are the background of my suggestion.
In summary,
1. We don't have to support "weak" encryption like DES/RC2 although they are on the document.
2. But Traditional PKWare Encryption is special enough to support because of the circumstances.
3. Other algo support in both decrypt/encrypt should be implemented sooner or later.
Any feedback is welcome.
FYI : All candidate of Zip encryption
---------
(Traditional PKWARE encryption)
+
0x6601 - DES
0x6602 - RC2 (version needed to extract < 5.2)
0x6603 - 3DES 168
0x6609 - 3DES 112
0x660E - AES 128
0x660F - AES 192
0x6610 - AES 256
0x6702 - RC2 (version needed to extract >= 5.2)
0x6720 - Blowfish
0x6721 - Twofish
0x6801 - RC4
https://pkware.cachefly.net/webdocs/casestudies/APPNOTE.TXT
7.2.3.2 AlgId
---------
FYI 2. Other languages/tools support
Perl : "Support Encryption" is in TODO
https://metacpan.org/pod/Archive::Zip
Go : Both (AES/Traditional) encryption is going to be integrated( discussion was suspended?)
https://github.com/golang/go/issues/12081
Ruby : Supports as experimental
https://github.com/rubyzip/rubyzip/blob/master/README.md
WinZip : Supports but not recommended.
http://kb.winzip.com/help/help_encryption.htm
----------
_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue34546>
_______________________________________
More information about the Python-bugs-list
mailing list