Ticket #1705 (closed wishlist: wontfix)

Opened 3 years ago

Last modified 2 years ago

zip password security

Reported by:	WasserDragoon	Assigned to:	DRK
Priority:	major	Milestone:	0.99.9
Component:	Tango	Version:	0.99.8 Sean
Keywords:	zip,password,security,compress,archive	Cc:

Description

add password security to tango's zip compression modules

Change History

07/07/09 20:02:16 changed by kris

owner changed from kris to DRK.

07/07/09 22:59:56 changed by JarrettBillingsley

Believe it or not, I think I have some old BlitzBasic? code that implements this..! (At least for decompression)

07/08/09 13:00:15 changed by DRK

I'm not sure this is a good idea. I never bothered with the encryption sections of the zip spec, but I know from practical experience that zip password-protection is utterly worthless. Any archive can be cracked open in a few minutes.

I don't think we should support something that gives users the belief that their data is secure when really it isn't at all.

I vaguely remember something mentioned AES in the spec, though. If that's distinct from the conventional password security, it might be OK. But I don't have the time right now to address the existing problems with the zip modules, let alone implementing encryption!

08/17/09 11:21:48 changed by DRK

I'm currently going over the ZIP spec again, and thought I'd give an update of my position on this:

1. We absolutely should not implement "traditional" ZIP encryption. As stated previously, it is trivially broken on today's computers. Traditional ZIP decryption would be a reasonable enhancement, but a very low-priority one.

2. We more than likely should not support "strong" ZIP encryption or decryption. According to APPNOTE, PKWARE holds patents on the strong encryption system used in ZIP.

11/23/09 06:16:20 changed by DRK

status changed from new to closed.
resolution set to wontfix.

Marking WONTFIX for previously stated reasons.

Ticket Navigation