Prev: Python Psycopg2 - Interface Error : Connection already closed
Next: AUTHENTIC DESIGNER HANDBAGS ACCESSORIES GREAT DISCOUNTS! WWW.VOGUELANDE.COM
From: Harishankar on 28 Mar 2010 10:39 On Sun, 28 Mar 2010 10:08:20 -0400, Steve Holden wrote: > catalinfest(a)gmail.com wrote: >> I had a talk about Python and distribution of commercial products >> created with python. This made me think of a way to protect my source >> code to be distributed. I thought a live CD version and then to an >> encryption method of a portion of source code. These thoughts are the >> source of two questions. > > I'd suggest that you don't think about encrypting your source code until > you have a rather better handle on encryption technology. Your mention > of MD5, a hashing rather than an encryption algorithm, makes it clear > that you aren't familiar with the technologies at present. > > There's nothing wrong with ignorance (I have a more than adequate supply > of my own), but in encryption it's *very* easy to make mistakes that > render whole systems vulnerable to trivial attack. So you do really need > to know what you are doing. > > regards > Steve This article offers some good ideas and also sums up some good points *against* code obfuscation. http://stackoverflow.com/questions/261638/how-do-i-protect-python-code Read it and judge whether the benefits of not obfuscating code outweighs the advantages of obfuscating it. -- Harishankar (http://harishankar.org http://literaryforums.org)
From: Steven D'Aprano on 28 Mar 2010 10:58 On Sun, 28 Mar 2010 10:08:20 -0400, Steve Holden wrote: > catalinfest(a)gmail.com wrote: >> I had a talk about Python and distribution of commercial products >> created with python. This made me think of a way to protect my source >> code to be distributed. I thought a live CD version and then to an >> encryption method of a portion of source code. These thoughts are the >> source of two questions. > > I'd suggest that you don't think about encrypting your source code until > you have a rather better handle on encryption technology. Your mention > of MD5, a hashing rather than an encryption algorithm, makes it clear > that you aren't familiar with the technologies at present. Furthermore, you should forget about encrypting your program until you are sure that it is something that needs encrypting. In my experience, most times newbies start waffling on about encrypting their precious code (usually displaying total confusion about encryption technology), it turns out their critical application is something like Notepad only with fewer features. Not that I'm jaded at all. -- Steven
From: Lawrence D'Oliveiro on 3 Apr 2010 21:21 In message <4baf3ac4$0$22903$e4fe514c(a)news.xs4all.nl>, Irmen de Jong wrote: > On 28-3-2010 12:08, Lawrence D'Oliveiro wrote: > >> Don't use MD5. > > Also, md5 is not an encryption algorithm at all, it is a secure hashing > function. You can use hash functions for encryption.
From: Steven D'Aprano on 3 Apr 2010 22:38 On Sun, 04 Apr 2010 13:21:34 +1200, Lawrence D'Oliveiro wrote: > In message <4baf3ac4$0$22903$e4fe514c(a)news.xs4all.nl>, Irmen de Jong > wrote: > >> On 28-3-2010 12:08, Lawrence D'Oliveiro wrote: >> >>> Don't use MD5. >> >> Also, md5 is not an encryption algorithm at all, it is a secure hashing >> function. > > You can use hash functions for encryption. The purpose of encryption is for the holder of the secret key to be able to reverse the encryption easily and reliably, while nobody else can. Hash functions fail on three counts. Since there is no secret key to a hash function, if you can reverse it, so can anyone. That alone rules it out as encryption. Secondly, hash functions are generally difficult to reverse. For cryptographic hash functions, ideally they should be impossible to reverse short of trying every possible input. Thirdly, even when reversible, hash functions have collisions. Consequently, you can't be sure whether you have found the intended message, or merely some random string which happens to accidentally hash to the same value. Admittedly if you found a message that *made sense*, you could make a probabilistic argument that it probably was the original message. The shorter the message, the more you could be confident that you had found the right one: there is probably only one short, grammatically correct, semantically meaningful English sentence of less than ten words that has a MD5 hex digest of 22008290c5d1ff0bd5fae9e425b01d41, so if you find one, it probably will be "Meet at railway station at 3pm". On the other hand, there are a very large number of (say) 20GB data files that hash to 22008290c5d1ff0bd5fae9e425b01d41, and probably no practical way of distinguishing the true message from the false collisions. Even if you can distinguish them, since the cost of reversing the hash is prohibitive, every false positive hurts you a lot. Of course, none of this is to prohibit using a hash function as a component of a larger encryption scheme. -- Steven
From: Robert Kern on 4 Apr 2010 18:03
On 2010-04-03 20:21 , Lawrence D'Oliveiro wrote: > In message<4baf3ac4$0$22903$e4fe514c(a)news.xs4all.nl>, Irmen de Jong wrote: > >> On 28-3-2010 12:08, Lawrence D'Oliveiro wrote: >> >>> Don't use MD5. >> >> Also, md5 is not an encryption algorithm at all, it is a secure hashing >> function. > > You can use hash functions for encryption. You can *build* an encryption algorithm out of hash functions as a primitive, yes. Paul Rubin's p3.py is an example of using SHA-1 to build an encryption algorithm: http://www.nightsong.com/phr/crypto/p3.py However, a hash function is not an encryption algorithm itself. One does not "encrypt with md5" as the OP asked. For crypto-knowledgeable people, this may just be an issue of terminology (although I think an important one), but I think it demonstrates the ignorance of the OP and the need for Irmen's clarification. -- Robert Kern "I have come to believe that the whole world is an enigma, a harmless enigma that is made terrible by our own mad attempt to interpret it as though it had an underlying truth." -- Umberto Eco |