Thanks to Andrew Martin and Joel Neely for the reply
Joel:
I agree that the replacement DO as suggested by Andrew would not give much security.
Also agree
that having a way to protect a script will greatly help create a market for REBOL
programs.
How do we push your suggestion for a native encrypt/decrypt function forward? Do we
put it to a
Vote on this list or drop it in the suggestion box or is there some other procedure ;-)
I do have three related questions:
a. Would a binary encrypt/decrypt be a very big performance hit? (Well ok just
how do we
quantify big?)
b. Is it currently possible to view a script as it is executing (some sort of
debug or trace
feature).
c. is it possible to assign a script to a word then view a script using SOURCE,
after the
script has executed e.g., myscript: system/script or myscript: %ms.r
Do myscript
source myscript
Just a thought that if encrypted one still might be able to see the script at some
point during or
after execution
Regards
Mike: [EMAIL PROTECTED]
----- Original Message -----
From: <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, January 10, 2000 4:21 PM
Subject: [REBOL] how to create a hidden or encrypted script? Re:(2)
: [EMAIL PROTECTED] wrote:
: >
: > ...
: >
: > 2 Write a replacement 'do function, that can "do" a encrypted
: > rebol script, by first decrypting it using your favourite method,
: > then using the REBOL's 'do. Only distribute encrypted REBOL scripts
: > to students.
: >
:
: Actually, this wouldn't be secure at all. The replacement 'do written
: by a user would itself be insecure, therefore a (probably not even
: very) clever attacker could just apply the decryption algorithm to the
: encrypted script and save the result. Conceptually (I know that
: the details would be uglier) it boils down to:
:
: replacement-do: func [encrypted-script [binary!]] [
: do decryption-function encrypted-script
: ]
:
: which can be attacked by
:
: replace second :replacement-do 'do 'print
:
: or
:
: remove second :replacement-do
:
: As I said above, I know the replacement-do could be written in a much
: more complex fashion, but it should still be easy to 'source it and
: factor out the decryption function.
:
: IMHO, it'll be hard to have a sustainable market for REBOL programs
: until one can deliver working code without simultaneously giving away
: the source.
:
: SUGGESTION:
:
: Since the trick is to defeat 'source on the replacement for 'do,
: how about if we request the addition of new REBOL native functions,
: as sketched below...
:
: encrypt: native [
: "Encrypt 1st arg (w/ fiendishly strong crypto) into binary!"
: code-or-value [block! any-string!]
: encryption-key [binary!]
: ]
:
: decrypt: native [
: "Decrypt 1st arg (created w/ 'encrypt)"
: crypt-value [binary!]
: decryption-key [binary!]
: ]
:
: do-crypt: native [
: "Execute 1st arg after (internally only!) decrypting"
: crypt-code [binary!]
: decryption-key [binary!]
: ]
:
: Since I waved my hand over the relationship(s) between the two key
: arguments, I'm leaving open the issue of symmetric vs. asymmetric
: (e.g. public key) encryption.
:
: -jn-
:
:
