[EMAIL PROTECTED] wrote:
>
> ...
>
> 2 Write a replacement 'do function, that can "do" a encrypted
> rebol script, by first decrypting it using your favourite method,
> then using the REBOL's 'do. Only distribute encrypted REBOL scripts
> to students.
>
Actually, this wouldn't be secure at all. The replacement 'do written
by a user would itself be insecure, therefore a (probably not even
very) clever attacker could just apply the decryption algorithm to the
encrypted script and save the result. Conceptually (I know that
the details would be uglier) it boils down to:
replacement-do: func [encrypted-script [binary!]] [
do decryption-function encrypted-script
]
which can be attacked by
replace second :replacement-do 'do 'print
or
remove second :replacement-do
As I said above, I know the replacement-do could be written in a much
more complex fashion, but it should still be easy to 'source it and
factor out the decryption function.
IMHO, it'll be hard to have a sustainable market for REBOL programs
until one can deliver working code without simultaneously giving away
the source.
SUGGESTION:
Since the trick is to defeat 'source on the replacement for 'do,
how about if we request the addition of new REBOL native functions,
as sketched below...
encrypt: native [
"Encrypt 1st arg (w/ fiendishly strong crypto) into binary!"
code-or-value [block! any-string!]
encryption-key [binary!]
]
decrypt: native [
"Decrypt 1st arg (created w/ 'encrypt)"
crypt-value [binary!]
decryption-key [binary!]
]
do-crypt: native [
"Execute 1st arg after (internally only!) decrypting"
crypt-code [binary!]
decryption-key [binary!]
]
Since I waved my hand over the relationship(s) between the two key
arguments, I'm leaving open the issue of symmetric vs. asymmetric
(e.g. public key) encryption.
-jn-
