Path: csiph.com!x330-a1.tempe.blueboxinc.net!usenet.pasdenom.info!aioe.org!feeder.news-service.com!newsfeed.xs4all.nl!newsfeed6.news.xs4all.nl!xs4all!post.news.xs4all.nl!not-for-mail
Return-Path: <debatem1@gmail.com>
X-Original-To: python-list@python.org
Delivered-To: python-list@mail.python.org
X-Spam-Status: OK 0.011
X-Spam-Evidence: '*H*': 0.98; '*S*': 0.00; 'wed,': 0.03; 'frameworks': 0.04; 'discussing': 0.05; 'instance,': 0.05; 'ah,': 0.09; 'correct.': 0.09; 'interacting': 0.09; 'so?': 0.09; 'teams,': 0.09; 'solutions,': 0.12; 'am,': 0.14; 'meaningful': 0.14; 'received:209.85.214.174': 0.14; 'received:mail- iw0-f174.google.com': 0.14; 'wrote:': 0.14; 'subject:python': 0.14; 'developer': 0.15; "doesn't.": 0.16; 'hackers': 0.16; 'hans': 0.16; 'model.': 0.16; 'obviously,': 0.16; 'subject:distribution': 0.16; '\xa0as': 0.16; '\xa0for': 0.16; '\xa0please': 0.16; 'why.': 0.16; 'cc:addr:python-list': 0.17; 'header:In-Reply-To:1': 0.21; 'cc:2**0': 0.22; 'maybe': 0.23; 'cc:no real name:2**0': 0.23; 'trying': 0.23; 'subject:code': 0.23; '\xa0if': 0.23; 'appear': 0.23; 'code': 0.24; "doesn't": 0.25; 'specified': 0.26; 'windows': 0.26; 'script': 0.27; "i'm": 0.27; 'message-id:@mail.gmail.com': 0.28; 'received:209.85.214': 0.28; 'originally': 0.29; 'theoretical': 0.29; 'cc:addr:python.org': 0.30; 'confident': 0.30; 'it.': 0.31; 'full- time': 0.31; 'player': 0.31; 'seem': 0.32; 'done': 0.32; 'yet': 0.32; 'does': 0.33; 'break': 0.33; 'rather': 0.34; 'source': 0.34; 'one,': 0.34; 'there': 0.35; '-0700,': 0.35; 'body,': 0.35; 'quite': 0.36; 'actual': 0.36; 'systems,': 0.36; 'received:google.com': 0.37; 'something': 0.37; 'received:209.85': 0.37; 'floating': 0.37; 'playing': 0.37; 'security.': 0.37; 'model': 0.37; 'pretty': 0.37; 'think': 0.38; 'could': 0.38; 'but': 0.38; 'subject:: ': 0.38; 'some': 0.38; 'should': 0.39; 'said': 0.39; 'perhaps': 0.39; 'received:209': 0.39; 'system.': 0.39; 'absolute': 0.40; 'really': 0.40; 'simply': 0.60; 'your': 0.60; 'levels': 0.63; 'secure': 0.63; 'adobe': 0.63; 'design': 0.63; 'lower': 0.64; 'dedicated': 0.65; 'interest': 0.65; 'view': 0.66; 'protection': 0.66; 'day': 0.67; 'kept': 0.67; 'roughly': 0.67; 'secure.': 0.67; 'prove': 0.68; 'air': 0.70; 'flash': 0.72; 'targeted': 0.74; 'verification': 0.76; '10:33': 0.84; 'developed.': 0.84; 'obfuscation,': 0.84; 'philosophy,': 0.84; 'stupid': 0.84; 'targeting': 0.84; 'acrobat': 0.93; 'malware': 0.93
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type :content-transfer-encoding; bh=9cBF4Ymvmgm94Ga+2kG7Yi3Gj1wzlgrM2nwpaRDVGXI=; b=Eo8ilGEFNTk9m5/fHpDD1gc++sM4x95gWYkOU1BlEiUUE7dWd2kNcARBJ1uneHdLiO A8aNJtZ3sF0ku29HXSWOBbDhGs3xS3efDORBwymOuP1oSDCqz9FzgXnEkOIO8BqSDPIk C0LKosWPe5Q56C4OzWSBbY+a6TLiLhLU+6LGk=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; b=Sei/xA33IaP7i/QyuA6ABq8ekFD0UEuUv2bcNxVwdCPAA/1vYFrKLFgYaOpZ+3ZsOQ 1JqO5V/y8FRJ0XHhesR23lMFk8se7jAmq0fwEAsRxZb24qX+9+YBinvrCXycmJiv5y5S Oo0ElcQHmkfVz8gdnHox+sv1yVVBucgv5P0Cc=
MIME-Version: 1.0
In-Reply-To: <rgcda8-tor.ln1@svn.schaathun.net>
References: <4DD08620.4030507@tysdomain.com> <mailman.1611.1305512463.9059.python-list@python.org> <op.vvlipenoa8ncjz@gnudebst> <5h9ca8-ekq.ln1@svn.schaathun.net> <mailman.1757.1305737674.9059.python-list@python.org> <rgcda8-tor.ln1@svn.schaathun.net>
Date: Wed, 18 May 2011 12:07:49 -0700
Subject: Re: obviscating python code for distribution
From: geremy condra <debatem1@gmail.com>
To: Hans Georg Schaathun <hg@schaathun.net>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Cc: python-list@python.org
X-BeenThere: python-list@python.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: General discussion list for the Python programming language <python-list.python.org>
List-Unsubscribe: <http://mail.python.org/mailman/options/python-list>, <mailto:python-list-request@python.org?subject=unsubscribe>
List-Archive: <http://mail.python.org/pipermail/python-list>
List-Post: <mailto:python-list@python.org>
List-Help: <mailto:python-list-request@python.org?subject=help>
List-Subscribe: <http://mail.python.org/mailman/listinfo/python-list>, <mailto:python-list-request@python.org?subject=subscribe>
Newsgroups: comp.lang.python
Message-ID: <mailman.1769.1305745672.9059.python-list@python.org>
Lines: 73
NNTP-Posting-Host: 82.94.164.166
X-Trace: 1305745672 news.xs4all.nl 49176 [::ffff:82.94.164.166]:45084
X-Complaints-To: abuse@xs4all.nl
Xref: x330-a1.tempe.blueboxinc.net comp.lang.python:5729

On Wed, May 18, 2011 at 10:33 AM, Hans Georg Schaathun <hg@schaathun.net> w=
rote:
> On Wed, 18 May 2011 09:54:30 -0700, geremy condra
> =A0<debatem1@gmail.com> wrote:
> : =A0On Wed, May 18, 2011 at 12:36 AM, Hans Georg Schaathun <hg@schaathun=
.net> wrote:
> : > But then, nothing is secure in any absolute sense.
> :
> : =A0If you're talking security and not philosophy, there is such a thing
> : =A0as a secure system. As a developer you should aim for it.
>
> You think so? =A0Please name one, and let us know how you know that it
> is secure.

I was playing around with an HSM the other day that had originally
targeted FIPS 140-3 level 5, complete with formal verification models
and active side-channel countermeasures. I'm quite confident that it
was secure in nearly any practical sense.

> : > and thereby provides some level of security.
> :
> : =A0The on-the-ground reality is that it doesn't. Lack of access to the
> : =A0source code has not kept windows or adobe acrobat or flash player
> : =A0secure, and they have large full-time security teams, and as you mig=
ht
> : =A0imagine from the amount of malware floating around targeting those
> : =A0systems there are a lot of people who have these skills in spades.
>
> You are just demonstrating that it does not provide complete security,
> something which I never argued against.

Ah, my mistake- when you said 'some level of security' I read that as
'some meaningful level of security'. If you were arguing that it
provided roughly as much protection to your code as the curtain of air
surrounding you does to your body, then yes- you're correct.

> : > Obviously, if your threat sources are dedicated hackers or maybe MI5,
> : > there is no point bothering with obfuscation, but if your threat sour=
ce
> : > is script kiddies, then it might be quite effective.
> :
> : =A0On the theory that any attack model without an adversary is
> : =A0automatically secure?
>
> No, on the assumption that we were discussing real systems, real
> threats, and practical solutions, rather than models and theory.
> There will always be adversaries, but they have limited means, and
> limited interest in your system. =A0And the limits vary. =A0Any marginal
> control will stave off a few potential attackers who just could not
> be bothered.

Empirically this doesn't appear to be a successful gambit, and from an
attacker's point of view it's pretty easy to see why. When a system
I'm trying to break turns out to have done something stupid like this,
it really just ticks me off, and I know a lot of actual attackers who
think the same way.

> In theory, you can of course talk about absolute security. =A0For
> instance, one can design something like AES=B9, which is secure in
> a very limited, theoretical model. =A0However, to be of any practical
> use, AES must be built into a system, interacting with other systems,
> and the theory and skills to prove that such a system be secure simply
> has not been developed.

This is flatly incorrect.

> Why do you think Common Criteria have not yet specified frameworks
> for the top levels of assurance?

Perhaps because the lower levels of 'assurance' don't seem to provide very =
much.

Geremy Condra