[Python-Dev] Fast Implementation for ZIP decryption
exarkun at twistedmatrix.com
exarkun at twistedmatrix.com
Sun Aug 30 15:05:22 CEST 2009
On 12:59 pm, steve at pearwood.info wrote:
>On Sun, 30 Aug 2009 06:55:33 pm Martin v. Löwis wrote:
>> > Does it sound worthy enough to create a patch for and integrate
>> > into python itself?
>>
>>Probably not, given that people think that the algorithm itself is
>>fairly useless.
>
>I would think that for most people, the threat model isn't "the CIA is
>reading my files" but "my little brother or nosey co-worker is reading
>my files", and for that, zip encryption with a good password is
>probably perfectly adequate. E.g. OpenOffice uses it for
>password-protected documents.
>
>Given that Python already supports ZIP decryption (as it should), are
>there any reasons to prefer the current pure-Python implementation over
>a faster version?
Given that the use case is "protect my biology homework from my little
brother", how fast does the implementation really need to be? Is
speeding it up from 0.1 seconds to 0.001 seconds worth the potential new
problems that come with more C code (more code to maintain, less
portability to other runtimes, potential for interpreter crashes or even
arbitrary code execution vulnerabilities from specially crafted files)?
Jean-Paul
More information about the Python-Dev
mailing list