Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[FEATURE]Security Question #25

Open
PorcelainSky opened this issue Jan 21, 2024 · 8 comments
Open

[FEATURE]Security Question #25

PorcelainSky opened this issue Jan 21, 2024 · 8 comments
Labels
enhancement New feature or request

Comments

@PorcelainSky
Copy link

The Zip standard encryption method has been proven to be no longer safe and has broken weaknesses more than ten years ago. It is recommended to remove this encryption algorithm. For AES encryption, can I add aes128gcm, aes192gcm, and aes256gcm to choose from? Can ChaCha20-Poly1305/XChaCha20-Poly1305 be added to devices with weak performance? Or AEGIS256/128L etc. (libsodium)
@PorcelainSky
Copy link
Author

https://github.com/jedisct1/libaegis
https://doc.libsodium.org/secret-key_cryptography/aead/aegis-256

@PorcelainSky
Copy link
Author

In addition, this is a crash log during encryption and compression. When entering the password and clicking compression, a crash occurred.
Android 10
ZipXtract_Crash_Log.txt

@WirelessAlien
Copy link
Owner

WirelessAlien commented Jan 21, 2024
edited
Loading

In addition, this is a crash log during encryption and compression. When entering the password and clicking compression, a crash occurred. Android 10 ZipXtract_Crash_Log.txt

Did you select compression method - AES_INTERNAL_ONLY ? If yes I actually got that issue before but forgot to removed that parameter.

@WirelessAlien
Copy link
Owner

The Zip standard encryption method has been proven to be no longer safe and has broken weaknesses more than ten years ago. It is recommended to remove this encryption algorithm.

Yeah, it can be removed or maybe not completely removed, but a warning that it is not safe to use, remove from the default method.

For AES encryption, can I add aes128gcm, aes192gcm, and aes256gcm to choose from?

Yeah, Sure.

Can ChaCha20-Poly1305/XChaCha20-Poly1305 be added to devices with weak performance? Or AEGIS256/128L etc. (libsodium)

Maybe, I am not sure about this, will see what can be done.

@PorcelainSky
Copy link
Author

In addition, this is a crash log during encryption and compression. When entering the password and clicking compression, a crash occurred. Android 10 ZipXtract_Crash_Log.txt

Did you select compression method - AES_INTERNAL_ONLY ? If yes I actually got that issue before but forgot to removed that parameter.

Yes, I retried the deflate compression algorithm and it worked successfully.

@PorcelainSky
Copy link
Author

Zip 标准加密方法已被证明不再安全,并且在十多年前就已突破弱点。建议删除该加密算法。

是的,它可以被删除,也可能不能完全删除,但会警告它使用起来不安全,请从默认方法中删除。

对于 AES 加密,我可以添加 aes128gcm、aes192gcm 和 aes256gcm 供选择吗?

好,当然。

ChaCha20-Poly1305/XChaCha20-Poly1305可以添加到性能较弱的设备中

The Zip standard encryption method has been proven to be no longer safe and has broken weaknesses more than ten years ago. It is recommended to remove this encryption algorithm.

Yeah, it can be removed or maybe not completely removed, but a warning that it is not safe to use, remove from the default method.

For AES encryption, can I add aes128gcm, aes192gcm, and aes256gcm to choose from?

Yeah, Sure.

Can ChaCha20-Poly1305/XChaCha20-Poly1305 be added to devices with weak performance? Or AEGIS256/128L etc. (libsodium)

Maybe, I am not sure about this, will see what can be done.

grateful! Looking forward to what happens next.

@PorcelainSky
Copy link
Author

The Zip standard encryption method has been proven to be no longer safe and has broken weaknesses more than ten years ago. It is recommended to remove this encryption algorithm.

Yeah, it can be removed or maybe not completely removed, but a warning that it is not safe to use, remove from the default method.

For AES encryption, can I add aes128gcm, aes192gcm, and aes256gcm to choose from?

Yeah, Sure.

Can ChaCha20-Poly1305/XChaCha20-Poly1305 be added to devices with weak performance? Or AEGIS256/128L etc. (libsodium)

Maybe, I am not sure about this, will see what can be done.

Sorry, I may have confused you. There may be a problem with the translation software. I mean can you provide/add AES128GCM, AES192GCM, AES256GCM options in future versions.

@WirelessAlien
Copy link
Owner

The Zip standard encryption method has been proven to be no longer safe and has broken weaknesses more than ten years ago. It is recommended to remove this encryption algorithm.

Yeah, it can be removed or maybe not completely removed, but a warning that it is not safe to use, remove from the default method.

For AES encryption, can I add aes128gcm, aes192gcm, and aes256gcm to choose from?

Yeah, Sure.

Can ChaCha20-Poly1305/XChaCha20-Poly1305 be added to devices with weak performance? Or AEGIS256/128L etc. (libsodium)

Maybe, I am not sure about this, will see what can be done.

Sorry, I may have confused you. There may be a problem with the translation software. I mean can you provide/add AES128GCM, AES192GCM, AES256GCM options in future versions.

Ooh, Ok. It will be added 👍

@WirelessAlien WirelessAlien added the enhancement New feature or request label Jan 22, 2024
WirelessAlien added a commit that referenced this issue Jan 31, 2024
@WirelessAlien
added option to choose Aes strength #25
8b7bd22
WirelessAlien added a commit that referenced this issue Jan 31, 2024
@WirelessAlien
change default encryption to AES (zip) #25
b474c04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@PorcelainSky @WirelessAlien