大野隆弘 <oono0...@gmail.com> added the comment: Agree, we should not enhance weak encryption to the world. But unfortunately, MS Windows supports only this type of encryption as far as I researched. https://blogs.msdn.microsoft.com/oldnewthing/20180515-00/?p=98755
That is the my first motivation of Traditional PKWARE encryption(a.k.a ZipCrypto/Standard Zip 2.0 encryption) support. If this big platform supports AES, we don't have any reason to support. But unfortunately not. On the other hand, encryption algorithm compromising happens forever. I believe python developers must have ability to make decision of suitable algorithm because "We are all (consenting) adults here".(I love this phrase) Also implementing other algo (including AES) support must affect to decryption of zipfile module. As we can imagine it should be big task and should be divided. These are the background of my suggestion. In summary, 1. We don't have to support "weak" encryption like DES/RC2 although they are on the document. 2. But Traditional PKWare Encryption is special enough to support because of the circumstances. 3. Other algo support in both decrypt/encrypt should be implemented sooner or later. Any feedback is welcome. FYI : All candidate of Zip encryption --------- (Traditional PKWARE encryption) + 0x6601 - DES 0x6602 - RC2 (version needed to extract < 5.2) 0x6603 - 3DES 168 0x6609 - 3DES 112 0x660E - AES 128 0x660F - AES 192 0x6610 - AES 256 0x6702 - RC2 (version needed to extract >= 5.2) 0x6720 - Blowfish 0x6721 - Twofish 0x6801 - RC4 https://pkware.cachefly.net/webdocs/casestudies/APPNOTE.TXT 7.2.3.2 AlgId --------- FYI 2. Other languages/tools support Perl : "Support Encryption" is in TODO https://metacpan.org/pod/Archive::Zip Go : Both (AES/Traditional) encryption is going to be integrated( discussion was suspended?) https://github.com/golang/go/issues/12081 Ruby : Supports as experimental https://github.com/rubyzip/rubyzip/blob/master/README.md WinZip : Supports but not recommended. http://kb.winzip.com/help/help_encryption.htm ---------- _______________________________________ Python tracker <rep...@bugs.python.org> <https://bugs.python.org/issue34546> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
