Comments (4)
ulikunitz
commented on May 30, 2024
While I share a lot of the observations (complex format, unclear padding rules, LZMA2 format undocumented), I don't share all the conclusions particularly those about the severity of bit errors in the headers. If your archiving system doesn't protect you from bit errors then you shouldn't store compressed data on it. In practical terms a bit error in a compressed file will affect all data following it. The exception are parallel compressed files, where unavoidable dictionary resets provide synchronization points. The parallel-compressed segments could be quite large (>= 8 MiB); compare that to an uncompressed UTF-8 file, where every code point is a synchronization point.
If xz is used for archiving purposes, I recommend to use it without any additional filters.You should use the SHA256 checksum, since it also protect the length of the data stream. CRC-32 and CRC-64 lack this capability. This might contradict a statement from the article, but SHA256 embeds the length of the data stream into the data that is hashed. The fact that the length field is not secured by a check sum, doesn't matter.
from xz.
gcstang
commented on May 30, 2024
@ulikunitz thank you very much for your response.
Does your project by default support what you recommend?
from xz.
ulikunitz
commented on May 30, 2024
I don't support any additional filters, but the default is the CRC64 checksum. You would need a WriterConfig that sets the CheckSum field to SHA256.
from xz.
gcstang
commented on May 30, 2024
@ulikunitz ok, thank you
from xz.
Related Issues (20)
- Checksum None is valid HOT 4
- expose blockreader HOT 4
- Current maturity of project (and other semantics) HOT 3
- Achieving maximum xz compression HOT 2
- memory leak HOT 2
- [SECURITY] Implementation of readUvarint vulnerable to CVE-2020-16845 HOT 17
- How to use multi CPU work for compression? HOT 3
- Panic with invalid input HOT 2
- missing match limit, was "lzip" HOT 11
- How to write compress & decompress data in file? HOT 2
- Don't worry about this lssue HOT 1
- Missing common APIs like Reader:Close() Writer:Flush() HOT 3
- Out of Memory bug when using a large reader HOT 3
- high allocation ratio HOT 3
- Expose `processFile` function HOT 2
- Plan for rewrite branch HOT 4
- How i can compressed folder? HOT 1
- Equivalent of FastBytes? HOT 2
- Extract files from NSIS installer? HOT 1
- Add statement to README about xz backdoor HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from xz.