On 28 March 2016 at 22:41, Xueming Shen <xueming.s...@oracle.com> wrote: > It's a tricky call. To be honest, as I said at the very beginning, I'm not > sure whether > or not it's a good idea and worth the efffort to push this into the j.u.zip > package to > support the "traditional PKWare encryption", which is known to be "seriously > flawed, > and in particular is vulnerable to known-plaintext attacks" (from wiki), > while I fully > understood it is not a concern in your "problem-free" use scenario. Just > wonder > if there is anyone else on the list that has/had the need for such > encryption feature > in the past. It would be preferred to have more input (agree, disagree) to > make the > final decision.
I had a need for password protected zip files once. I managed to find a library to do the job, but it would have been useful to be in the JDK. I think you would have to have warnings about the strength of the protection, but I suspect despite that it is relatively widely used by non-technical users. Stephen
