[Python-Dev] Fast Implementation for ZIP decryption

Shashank Singh shashank.sunny.singh at gmail.com
Mon Aug 31 10:10:45 CEST 2009

On Mon, Aug 31, 2009 at 12:08 PM, Gregory P. Smith <greg at krypto.org> wrote:

> On Sun, Aug 30, 2009 at 10:40 PM, Jeroen Ruigrok van der Werven <
> asmodai at in-nomine.org> wrote:
>> -On [20090831 06:29], Collin Winter (collinw at gmail.com) wrote:
>> >Are there any applications/frameworks which have zip files on their
>> >critical path, where this kind of (admittedly impressive) speedup
>> >would be beneficial? What was the motivation for writing the C
>> >version?
>> Would zipped eggs count? For example, SQLAlchemy runs in the 5 MB range.
> Unless someone's also pushing for being able to import and execute code
> from scrambled zip files, no that doesn't matter

For those who have not seen it : http://bugs.python.org/issue6749 asks for
such an ability (there was a good deal of discussion about it on python-dev
too and I think Greg you were a -1 on it :).

> .
> The C code for this should be trivially tiny.  See the
> zipfile._ZipDecryptor class, its got ~25 lines of actual code in it.

right you are. It is just a simple translation of the (~25 lines)   of code
into C.

 It is not worth arguing about.  I'll commit this if you post it as a patch
> in a tracker issue.  Please make sure your patch includes the following:
> * A unittest that compares the C version of the descrambler to the python
> version of the descrambler using a variety of inputs and outputs that
> exercise any boundary condition.
> * Conditional import code in the zipfile module itself so that the module
> works even if the C module isn't available.

I sure can do that.
What boundary conditions do you have on mind?

While we are at it (and forgive my obsession with the zip module :), is
there enough need for supporting the Strong Encryption Specification in the
zip module?
At least one immediate benefit I can see is that the OP of the link I posted
above will be happy :)

The main reason the idea of supporting import of encrypted module was shot
down is that the simple encryption scheme is too weak to bother about.
Supporting Strong Encryption might do away with that problem beside,
possibly, adding a whole new way
of distributing python modules.

Are there any (more?) use cases or am I missing something very trivial why
Strong Encryption was never supported in the zip module?

-- Shashank

Shashank Singh
Senior Undergraduate, Department of Computer Science and Engineering
Indian Institute of Technology Bombay
shashank.sunny.singh at gmail.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/python-dev/attachments/20090831/ae41c5c0/attachment.htm>

More information about the Python-Dev mailing list