Jack Cushman added the comment:

Ah, thanks! That makes sense. I see it's documented in "man unzip" as well:

"The correct password will always check out against the header, but there is a
1-in-256 chance that an incorrect password will as well. (This is a security
feature of the PKWARE zipfile format; it helps prevent brute-force attacks
that might otherwise gain a large speed advantage by testing only the header.)
In the case that an incorrect password is given but it passes the header test
anyway, either an incorrect CRC will be generated for the extracted data or
else unzip will fail during the extraction because the ``decrypted''
bytes do not constitute a valid compressed data stream."

Would it make sense to add a note to documentation for zipfile functions that 
take a password?

----------

_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue29739>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
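
Added example (not part of the original message, and not CPython's own code): a sketch of the behaviour the quoted man page describes, seen from Python's zipfile. Because zipfile cannot write encrypted archives, the example builds a small traditional-PKWARE-encrypted archive by hand; the password, member name, filler bytes and wrong-password list are all constructed for the illustration. Code that accepts a password from a user should treat both rejection paths as "wrong password".

```python
import io, struct, zipfile, zlib

def _crc(old, byte):  # one raw CRC-32 step, as used by the ZipCrypto key schedule
    return zlib.crc32(bytes([byte]), old ^ 0xFFFFFFFF) ^ 0xFFFFFFFF

def zipcrypto_encrypt(password, plain):
    k0, k1, k2 = 0x12345678, 0x23456789, 0x34567890
    def update(b):
        nonlocal k0, k1, k2
        k0 = _crc(k0, b)
        k1 = ((k1 + (k0 & 0xFF)) * 134775813 + 1) & 0xFFFFFFFF
        k2 = _crc(k2, k1 >> 24)
    for b in password:
        update(b)
    out = bytearray()
    for b in plain:
        t = (k2 | 2) & 0xFFFF
        out.append(b ^ (((t * (t ^ 1)) >> 8) & 0xFF))
        update(b)  # keys advance on the plaintext byte
    return bytes(out)

def make_encrypted_zip(password, name, data):
    crc, fn = zlib.crc32(data), name.encode("ascii")
    # 12-byte encryption header: 11 filler bytes (constructed) + high byte of the CRC
    body = zipcrypto_encrypt(password, bytes(range(11)) + bytes([crc >> 24]) + data)
    common = struct.pack("<HHHHHIIIHH", 20, 1, 0, 0, 0x21, crc, len(body), len(data), len(fn), 0)
    local = b"PK\x03\x04" + common + fn
    central = b"PK\x01\x02" + struct.pack("<H", 20) + common + struct.pack("<HHHII", 0, 0, 0, 0, 0) + fn
    eocd = b"PK\x05\x06" + struct.pack("<HHHHIIH", 0, 0, 1, 1, len(central), len(local) + len(body), 0)
    return local + body + central + eocd

def check_password(archive, name, password):
    """Classify one password: 'ok', 'rejected-by-header' or 'rejected-by-crc'."""
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        try:
            zf.read(name, pwd=password)
            return "ok"
        except RuntimeError:  # 1-byte check failed: "Bad password for file"
            return "rejected-by-header"
        except (zipfile.BadZipFile, zlib.error):  # check byte matched by chance
            return "rejected-by-crc"

def survey(archive, name, n=4000):  # tally rejections for n constructed wrong passwords
    results = [check_password(archive, name, b"wrong-%d" % i) for i in range(n)]
    return results.count("rejected-by-header"), results.count("rejected-by-crc")

if __name__ == "__main__":
    z = make_encrypted_zip(b"constructed-pw", "note.txt", b"constructed sample data\n")
    print(check_password(z, "note.txt", b"constructed-pw"), survey(z, "note.txt"))
```

Roughly one wrong password in 256 lands in the second bucket, where the failure surfaces as a CRC error during extraction rather than as a bad-password error.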