Merge pull request #99 from uktrade/docs/keystream-leakage-in-most-ca…

…ses-acceptable docs: suggest that the risk of high numbers of files in many situations is fine
uktrade · Jan 7, 2024 · c54aeb7 · c54aeb7
2 parents 6cf169b + b170ce0
commit c54aeb7
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/docs/advanced-usage.md b/docs/advanced-usage.md
@@ -66,6 +66,6 @@ You should use a long and random password, for example one generated by the [Pyt
 >
 > - Not including sufficient mechanisms to alert recipients if data or metadata has been intercepted and changed. This can itself lead to information leakage.
 >
-> - A higher risk of information leakage when there's a higher number of member files in the ZIP encrypted with the same password, as stream-zip and most other ZIP writers do.
+> - A higher risk of information leakage when there's a higher number of member files in the ZIP encrypted with the same password, as stream-zip does. Although AE-2 with AES-256 likely mitigates this enough for all situations but the extremely risk averse that also have an extremely high number of member files.
 >
 > See ["Attacking and Repairing the WinZip Encryption Scheme" by Tadayoshi Kohno](https://homes.cs.washington.edu/~yoshi/papers/WinZip/winzip.pdf) and [fgrieu's answer to a question about WinZip's AE-1 and AE-2 on Crytography Stack Exchange](https://crypto.stackexchange.com/a/109269/113464) for more information.