[Python-Dev] Support for Encrypted Zip as python scripts
larry.bugbee at boeing.com
Mon Aug 24 20:52:55 CEST 2009
I like the idea, but...
Here is a quick list of things to think about and if some of this has
already been mentioned, sorry.
Speed: Encryption speed has been mentioned. For short scripts this may
not be a problem, although algorithms implemented in C would be faster.
Strength: Passwords are [very] weak, especially if of the 6-10
alphanumeric variety. True secret keys where all bit combinations are
used is stronger. Entering passwords has been mentioned but I believe
only passwords were assumed. It is better to not provide any encryption
than to lure novices into believing they are secure when they are not.
Algorithms: Be sure to choose good ones and allow for changing later.
Key distribution: How to distribute secret keys beyond a small group of
friends is problematic. In short it doesn't scale. Looking to
public-private key pairs can be equally problematic. This can get you
into encryption certs, but *how* you use them correctly differs from
signing certs. More on this later if you want.
ZIP: Look beyond just zip files. A scheme that works for any/all files
in the distribution, not just ZIPs, would be better. (IIRC there have
been problems with encrypted zips, but that was years ago. Those issues
may have been fixed.)
Short version: Doing this right is hard. Simply supporting a password
based ZIP file is, in my opinion, not real protection.
Gotta go. Later.
More information about the Python-Dev