New Program I have written

Discussion in 'Programming & Software Development' started by Jab, Jan 27, 2007.

  1. yoink

    yoink Member

    Joined:
    Feb 19, 2002
    Messages:
    3,480
    I think Ze means that there will always be a way to unobfuscate your code, so as long as the security component doesn't rely on the obfuscation, it will be ok.
    As far as an answer to a bullet proof code obfuscation algorithm goes: there isn't one, although I'm sure some are better than others...

    -- yoink
     
  2. Ze.

    Ze. Member

    Joined:
    Sep 13, 2003
    Messages:
    7,871
    Location:
    Newcastle, NSW
    Don't rely on obfuscation for security and secret keys embedded in the code. Assume that if the user has something then they know it.

    When it comes to setting up secure channels, use a mixture of public key and private key cryptography. When it comes to storing user secrets, rely on a key derived from input from the user.
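
Ze's last point, sketched as an added example (not code from any poster or from the program under discussion): the file on disk holds only a salt, a work factor and a check tag, and the key exists only after the user types the passphrase. PBKDF2-HMAC-SHA256, the iteration count and the field and function names are assumptions chosen for the sketch; the returned key would be handed to an authenticated cipher.

```python
import hashlib
import hmac
import json
import os
from typing import Optional

ITERATIONS = 600_000  # assumed work factor; raise it as hardware allows


def derive_keys(passphrase: str, salt: bytes, iterations: int):
    """Stretch the passphrase, then split it into two independent keys."""
    master = hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"), salt, iterations)
    enc_key = hmac.new(master, b"vault-encryption", hashlib.sha256).digest()
    check_key = hmac.new(master, b"vault-passphrase-check", hashlib.sha256).digest()
    return enc_key, check_key


def _tag(check_key: bytes, fields: dict) -> str:
    # Authenticate the KDF parameters so a modified header is rejected too.
    blob = json.dumps(fields, sort_keys=True).encode("utf-8")
    return hmac.new(check_key, blob, hashlib.sha256).hexdigest()


def create_header(passphrase: str, iterations: int = ITERATIONS) -> dict:
    """Build what gets written to disk: no key and no passphrase."""
    salt = os.urandom(16)  # unique per vault
    _, check_key = derive_keys(passphrase, salt, iterations)
    fields = {"kdf": "pbkdf2-hmac-sha256", "iterations": iterations, "salt": salt.hex()}
    return {**fields, "check": _tag(check_key, fields)}


def unlock(passphrase: str, header: dict) -> Optional[bytes]:
    """Return the 32-byte encryption key, or None if the passphrase is wrong."""
    fields = {k: header[k] for k in ("kdf", "iterations", "salt")}
    enc_key, check_key = derive_keys(passphrase, bytes.fromhex(header["salt"]), header["iterations"])
    if not hmac.compare_digest(_tag(check_key, fields), header["check"]):
        return None
    return enc_key


if __name__ == "__main__":
    header = create_header("correct horse battery staple")  # constructed sample input
    print(json.dumps(header, indent=2))
    print("right passphrase:", unlock("correct horse battery staple", header) is not None)
    print("wrong passphrase:", unlock("guess", header) is not None)
```

Anyone who copies the file or reads the program still has to guess the passphrase, paying the full derivation cost per guess.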
     
  3. Ravenclaw

    Ravenclaw Member

    Joined:
    Dec 6, 2004
    Messages:
    2,090
    jab if someone steals your code and starts distributing it then the courts are the best way to pursue the matter. i wouldn't worry about obfuscation being a silver bullet. most of the time it creates a large enough effort that rewriting is a better option.
     
    Last edited: Feb 5, 2007
  4. dogstone

    dogstone Member

    Joined:
    Nov 24, 2003
    Messages:
    38
    Location:
    Sydney
    So the lesson here is if you want to protect your data, don't rely on software that hasn't been thoroughly tested. For storing passwords to websites, registration keys, credit card etc, use Roboform. If you want to encrypt your whole disk, partitions, or individual files, use Truecrypt. At least you know you'll be as well protected as is possible with these. But it's a good learning exercise for the programmer :thumbup:
     
  5. Luke212

    Luke212 Member

    Joined:
    Feb 26, 2003
    Messages:
    10,013
    Location:
    Sydney
    this is a good thread! :wired:
     
  6. eyeLikeCarrots

    eyeLikeCarrots Member

    Joined:
    Jan 1, 2002
    Messages:
    4,384
    Location:
    Canberra Is Shit Sex: Yes
    Like the crypt keys that unlocked the boot rom on the first x box...
     
  7. stuffisgood

    stuffisgood Member

    Joined:
    Aug 1, 2001
    Messages:
    6,189
    Location:
    Whitsundays, QLD
    Ya get that when you transmit them over an unencrypted bus...

    No such luck on the 360 though, they learnt their lesson :(
     
  8. Oosh

    Oosh Member

    Joined:
    Oct 31, 2002
    Messages:
    9,280
    Location:
    Adelaide
    Most interesting thread.

    This one's open source, no obfuscation there, so can you break it?

    http://keepass.info/
     
  9. Ze.

    Ze. Member

    Joined:
    Sep 13, 2003
    Messages:
    7,871
    Location:
    Newcastle, NSW
    The other problem is they used TEA, which had many published weaknesses in academic journals (it was well studied and considered bloody simple to crack).
     
  10. Ravenclaw

    Ravenclaw Member

    Joined:
    Dec 6, 2004
    Messages:
    2,090
    keepass is good. i would still use schneiers password safe over keepass. mainly because i noticed it doesn't encrypt some header information (number of groups, number of entries). not a big deal though, because you can accurately guess the number in password safe from the file length and having that secret isn't necessary.
     
