Path: csiph.com!x330-a1.tempe.blueboxinc.net!usenet.pasdenom.info!aioe.org!feeder.news-service.com!news2.euro.net!newsgate.cistron.nl!newsgate.news.xs4all.nl!post.news.xs4all.nl!not-for-mail Return-Path: X-Original-To: python-list@python.org Delivered-To: python-list@mail.python.org X-Spam-Status: OK 0.030 X-Spam-Evidence: '*H*': 0.94; '*S*': 0.00; 'wed,': 0.03; '"report': 0.09; 'underlying': 0.09; 'wrote:': 0.14; 'subject:python': 0.14; 'developer': 0.15; 'hackers': 0.16; 'hans': 0.16; 'mounting': 0.16; 'obviously,': 0.16; 'risk,': 0.16; 'subject:distribution': 0.16; 'received:74.125.82.174': 0.16; 'received:mail- wy0-f174.google.com': 0.16; 'cc:addr:python-list': 0.17; 'header :In-Reply-To:1': 0.21; 'cc:2**0': 0.22; 'maybe': 0.23; 'cc:no real name:2**0': 0.23; 'subject:code': 0.23; 'code': 0.24; 'later': 0.26; 'script': 0.27; 'message-id:@mail.gmail.com': 0.28; 'cc:addr:python.org': 0.30; 'changes': 0.30; 'actually': 0.33; 'source': 0.34; 'there': 0.35; 'quite': 0.36; 'received:google.com': 0.37; 'security.': 0.37; 'received:74.125.82': 0.38; 'received:74.125': 0.38; 'but': 0.38; 'subject:: ': 0.38; 'some': 0.38; 'should': 0.39; 'difficult': 0.39; 'absolute': 0.40; 'best': 0.60; 'your': 0.60; 'url:co': 0.62; 'secure': 0.63; 'dedicated': 0.65; 'cost': 0.65; 'making': 0.67; 'phase': 0.77; 'obfuscation,': 0.84; 'flip': 0.91; 'risk.': 0.91; 'increases': 0.93 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type :content-transfer-encoding; bh=J0qjZMUReqDNQrckD3XBNdcd74MfT91PFOkmfiUJr/I=; b=dfLTB8Y83xebuifRgkkSlNKfkF+iYBa0Wk31tawfHctb45csmhw8ftNN7XYfjfErSq 2mxc2yrXomKy/6L6s9e4AVi99jVPTf6HGC8JxvIe4Vfyhzs+keJdZDyzJVX8mFlNJfgU 8QDksomtPBHYa+Epppatka66xh9GZ4HQ68Yig= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; b=XTjp0vQcXZ1Wup2dqK5A0J92C0HnCeqrOfnCyD0Nphnc+Z1TqO5Eikiimlbo1eAvG+ SDlyMVY0Z9L8ilAsrewb15/r+sN9x53STdXmDb+t6QltUZP/+fiG8Im0xSRlXSna0THI iNrFXwbj4/te9LDSQM0FevSe5TJnxWiTpEuD0= MIME-Version: 1.0 In-Reply-To: <5h9ca8-ekq.ln1@svn.schaathun.net> References: <4DD08620.4030507@tysdomain.com> <5h9ca8-ekq.ln1@svn.schaathun.net> Date: Wed, 18 May 2011 17:42:36 +0300 Subject: Re: obviscating python code for distribution From: Dotan Cohen To: Hans Georg Schaathun Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Cc: python-list@python.org X-BeenThere: python-list@python.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: General discussion list for the Python programming language List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Newsgroups: comp.lang.python Message-ID: Lines: 25 NNTP-Posting-Host: 82.94.164.166 X-Trace: 1305729758 news.xs4all.nl 49179 [::ffff:82.94.164.166]:54201 X-Complaints-To: abuse@xs4all.nl Xref: x330-a1.tempe.blueboxinc.net comp.lang.python:5701 On Wed, May 18, 2011 at 10:36, Hans Georg Schaathun wrot= e: > But then, nothing is secure in any absolute sense. =C2=A0The best you can > do with all your security efforts is to manage risk. =C2=A0Since obfuscat= ion > increases the cost of mounting an attack, it also reduces risk, > and thereby provides some level of security. > > Obviously, if your threat sources are dedicated hackers or maybe MI5, > there is no point bothering with obfuscation, but if your threat source > is script kiddies, then it might be quite effective. > The flip side is that the developer will not know about weaknesses until much later in the development, when making changes to the underlying code organization may be difficult or impossible. In this early phase of development, he should actually encourage the script kiddies to "report the bugs". --=20 Dotan Cohen http://gibberish.co.il http://what-is-what.com