[Python-Dev] Fast Implementation for ZIP decryption

exarkun at twistedmatrix.com exarkun at twistedmatrix.com
Sun Aug 30 15:05:22 CEST 2009


On 12:59 pm, steve at pearwood.info wrote:
>On Sun, 30 Aug 2009 06:55:33 pm Martin v. Löwis wrote:
>> > Does it sound worthy enough to create a patch for and integrate
>> > into python itself?
>>
>>Probably not, given that people think that the algorithm itself is
>>fairly useless.
>
>I would think that for most people, the threat model isn't "the CIA is
>reading my files" but "my little brother or nosey co-worker is reading
>my files", and for that, zip encryption with a good password is
>probably perfectly adequate. E.g. OpenOffice uses it for
>password-protected documents.
>
>Given that Python already supports ZIP decryption (as it should), are
>there any reasons to prefer the current pure-Python implementation over
>a faster version?

Given that the use case is "protect my biology homework from my little 
brother", how fast does the implementation really need to be?  Is 
speeding it up from 0.1 seconds to 0.001 seconds worth the potential new 
problems that come with more C code (more code to maintain, less 
portability to other runtimes, potential for interpreter crashes or even 
arbitrary code execution vulnerabilities from specially crafted files)?

Jean-Paul


More information about the Python-Dev mailing list