Skip to content

bpo-10030: Sped up reading encrypted ZIP files by 2 times. #550

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 6 commits into from
Mar 30, 2017
Merged

bpo-10030: Sped up reading encrypted ZIP files by 2 times. #550

merged 6 commits into from
Mar 30, 2017

Conversation

serhiy-storchaka
Copy link
Member

No description provided.

@serhiy-storchaka serhiy-storchaka added the performance Performance or resource usage label Mar 7, 2017
@mention-bot
Copy link

@serhiy-storchaka, thanks for your PR! By analyzing the history of the files in this pull request, we identified @gpshead, @loewis, @tiran, @freddrake and @ctismer to be potential reviewers.

@freddrake
Copy link
Member

freddrake commented Mar 7, 2017
edited
Loading

Not sure what @mention-bot is, but hopefully it's not using the NEWS file as a source for locating "potential reviewers".

briancurtin
briancurtin requested changes Mar 7, 2017
View reviewed changes
Copy link
Member

@briancurtin briancurtin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No tests?

@Mariatta
Copy link
Member

Mariatta commented Mar 7, 2017

@freddrake Misc/ACKS, Misc/NEWS and Doc/whatsnew/*.rst are all excluded from the mention-bot when finding potential reviewers. It's configured here https://github.com/python/cpython/blob/master/.mention-bot#L5-L8

@serhiy-storchaka
Copy link
Member Author

This change doesn't add new API and doesn't change behavior of public API. No new tests are needed.

vstinner
vstinner reviewed Mar 9, 2017
View reviewed changes
Lib/zipfile.py
# zd = _ZipDecrypter(mypwd)
# plain_bytes = zd(cypher_bytes)

def _ZipDecrypter(pwd):
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I suggest to rename the parameter to "password".

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The name "pwd" is used for parameters of public API. It would be better to keep it consistent.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Oh ok, in this case it's fine :-)

Lib/zipfile.py

# ZIP supports a password-based form of encryption. Even though known
# plaintext attacks have been found against it, it is still useful
# to be able to get data out of such a file.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

IMHO it's worth it to add this warning, maybe just as a note, in zipfile documentation.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

zipfile doesn't support creating encrypted ZIP archives. It just supports reading encrypted ZIP archives created by other programs. Thus this warning doesn't have relation to the use of the zipfile module. It has relation to the cause why encrypting is not implemented. It is useful for zipfile developers, not users.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ok. Anyway, it's unrelated to your change. I started a thread on security-SIG:
https://mail.python.org/pipermail/security-sig/2017-March/000238.html

@serhiy-storchaka
Copy link
Member Author

Have I satisfied your request @briancurtin? If you meant some specific tests say what tests are needed.

@serhiy-storchaka serhiy-storchaka merged commit 06e5225 into python:master Mar 30, 2017
@serhiy-storchaka serhiy-storchaka deleted the bpo-10030-zipfile-decryptor-speedup branch March 30, 2017 16:09
jaraco pushed a commit that referenced this pull request Dec 2, 2022
@dependabot @Mariatta
Bump sentry-sdk from 1.5.11 to 1.5.12 (#550)
dd3942c 
Bumps [sentry-sdk](https://github.com/getsentry/sentry-python) from 1.5.11 to 1.5.12.
- [Release notes](https://github.com/getsentry/sentry-python/releases)
- [Changelog](https://github.com/getsentry/sentry-python/blob/master/CHANGELOG.md)
- [Commits](getsentry/sentry-python@1.5.11...1.5.12)

---
updated-dependencies:
- dependency-name: sentry-sdk
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Mariatta Wijaya <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@vstinner vstinner vstinner left review comments

@briancurtin briancurtin briancurtin requested changes

Assignees
No one assigned
Labels
performance Performance or resource usage
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
7 participants
@serhiy-storchaka @mention-bot @freddrake @Mariatta @vstinner @briancurtin @the-knights-who-say-ni