Skip to content

bpo-10030: Sped up reading encrypted ZIP files by 2 times.#550

Merged
serhiy-storchaka merged 6 commits intopython:masterfrom
serhiy-storchaka:bpo-10030-zipfile-decryptor-speedup
Mar 30, 2017
Merged

bpo-10030: Sped up reading encrypted ZIP files by 2 times.#550
serhiy-storchaka merged 6 commits intopython:masterfrom
serhiy-storchaka:bpo-10030-zipfile-decryptor-speedup

Conversation

@serhiy-storchaka
Copy link
Member

@serhiy-storchaka serhiy-storchaka commented Mar 7, 2017

No description provided.

@serhiy-storchaka serhiy-storchaka added the performance Performance or resource usage label Mar 7, 2017
@mention-bot
Copy link

mention-bot commented Mar 7, 2017

@serhiy-storchaka, thanks for your PR! By analyzing the history of the files in this pull request, we identified @gpshead, @loewis, @tiran, @freddrake and @ctismer to be potential reviewers.

@freddrake
Copy link
Member

freddrake commented Mar 7, 2017
edited
Loading

Not sure what @mention-bot is, but hopefully it's not using the NEWS file as a source for locating "potential reviewers".

briancurtin
briancurtin requested changes Mar 7, 2017
View reviewed changes
Copy link
Member

@briancurtin briancurtin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No tests?

@Mariatta
Copy link
Member

Mariatta commented Mar 7, 2017

@freddrake Misc/ACKS, Misc/NEWS and Doc/whatsnew/*.rst are all excluded from the mention-bot when finding potential reviewers. It's configured here https://github.com/python/cpython/blob/master/.mention-bot#L5-L8

@serhiy-storchaka
Copy link
Member Author

serhiy-storchaka commented Mar 7, 2017

This change doesn't add new API and doesn't change behavior of public API. No new tests are needed.

vstinner
vstinner reviewed Mar 9, 2017
View reviewed changes
Lib/zipfile.py
# zd = _ZipDecrypter(mypwd)
# plain_bytes = zd(cypher_bytes)

def _ZipDecrypter(pwd):
Copy link
Member

@vstinner vstinner Mar 9, 2017

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I suggest to rename the parameter to "password".

Copy link
Member Author

@serhiy-storchaka serhiy-storchaka Mar 9, 2017

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The name "pwd" is used for parameters of public API. It would be better to keep it consistent.

Copy link
Member

@vstinner vstinner Mar 9, 2017

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Oh ok, in this case it's fine :-)

Lib/zipfile.py

# ZIP supports a password-based form of encryption. Even though known
# plaintext attacks have been found against it, it is still useful
# to be able to get data out of such a file.
Copy link
Member

@vstinner vstinner Mar 9, 2017

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

IMHO it's worth it to add this warning, maybe just as a note, in zipfile documentation.

Copy link
Member Author

@serhiy-storchaka serhiy-storchaka Mar 9, 2017

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

zipfile doesn't support creating encrypted ZIP archives. It just supports reading encrypted ZIP archives created by other programs. Thus this warning doesn't have relation to the use of the zipfile module. It has relation to the cause why encrypting is not implemented. It is useful for zipfile developers, not users.

Copy link
Member

@vstinner vstinner Mar 9, 2017

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ok. Anyway, it's unrelated to your change. I started a thread on security-SIG:
https://mail.python.org/pipermail/security-sig/2017-March/000238.html

@serhiy-storchaka
Copy link
Member Author

serhiy-storchaka commented Mar 12, 2017

Have I satisfied your request @briancurtin? If you meant some specific tests say what tests are needed.

@serhiy-storchaka serhiy-storchaka merged commit 06e5225 into python:master Mar 30, 2017
@serhiy-storchaka serhiy-storchaka deleted the bpo-10030-zipfile-decryptor-speedup branch March 30, 2017 16:09
jaraco pushed a commit that referenced this pull request Dec 2, 2022
@dependabot @Mariatta
Bump sentry-sdk from 1.5.11 to 1.5.12 (#550)
dd3942c 
Bumps [sentry-sdk](https://github.com/getsentry/sentry-python) from 1.5.11 to 1.5.12.
- [Release notes](https://github.com/getsentry/sentry-python/releases)
- [Changelog](https://github.com/getsentry/sentry-python/blob/master/CHANGELOG.md)
- [Commits](getsentry/sentry-python@1.5.11...1.5.12)

---
updated-dependencies:
- dependency-name: sentry-sdk
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Mariatta Wijaya <Mariatta@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@vstinner vstinner vstinner left review comments

@briancurtin briancurtin briancurtin requested changes

Assignees

No one assigned

Labels

performance Performance or resource usage

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

7 participants

@serhiy-storchaka @mention-bot @freddrake @Mariatta @vstinner @briancurtin @the-knights-who-say-ni