Path: csiph.com!x330-a1.tempe.blueboxinc.net!usenet.pasdenom.info!aioe.org!feeder.news-service.com!xlned.com!feeder5.xlned.com!newsfeed.xs4all.nl!newsfeed6.news.xs4all.nl!xs4all!post.news.xs4all.nl!not-for-mail Return-Path: X-Original-To: python-list@python.org Delivered-To: python-list@mail.python.org X-Spam-Status: OK 0.016 X-Spam-Evidence: '*H*': 0.97; '*S*': 0.00; 'wed,': 0.03; 'discussing': 0.05; 'distinction': 0.07; 'ah,': 0.09; 'broken,': 0.09; 'cipher': 0.09; 'count.': 0.09; 'redefinition': 0.09; 'pm,': 0.10; 'broken': 0.14; 'wrote:': 0.14; 'subject:python': 0.14; '"module"': 0.16; 'find.': 0.16; 'hans': 0.16; 'insofar': 0.16; 'keys)': 0.16; 'met.': 0.16; 'oyster': 0.16; 'released.': 0.16; 'specs': 0.16; 'subject:distribution': 0.16; 'sure,': 0.16; 'tighter': 0.16; 'what?': 0.16; 'argument': 0.16; 'cc:addr:python-list': 0.17; '(which': 0.20; 'header:In-Reply-To:1': 0.21; "aren't": 0.22; "wasn't": 0.22; 'cc:2**0': 0.22; 'cc:no real name:2**0': 0.23; 'trying': 0.23; 'here?': 0.23; 'subject:code': 0.23; '\xa0if': 0.23; "doesn't": 0.25; 'checked': 0.25; 'certainly': 0.25; '(and': 0.25; 'recognized': 0.26; 'saying': 0.26; 'testing': 0.27; "i'm": 0.27; 'message-id:@mail.gmail.com': 0.28; 'problem': 0.28; 'least': 0.30; "won't": 0.30; 'cc:addr:python.org': 0.30; 'fact': 0.30; 'module': 0.30; 'analyzing': 0.30; 'modules,': 0.30; 'transport': 0.30; 'worlds': 0.30; 'google': 0.31; 'standards': 0.31; 'specifically': 0.31; 'operating': 0.32; "can't": 0.32; 'clearly': 0.32; 'components': 0.32; 'go.': 0.32; 'technical': 0.33; 'does': 0.33; 'actually': 0.33; 'rather': 0.34; 'fail': 0.34; 'there': 0.35; '-0700,': 0.35; 'option.': 0.35; '(with': 0.36; 'systems,': 0.36; 'translate': 0.36; '8bit%:8': 0.36; 'received:google.com': 0.37; 'something': 0.37; 'change': 0.37; 'received:209.85': 0.37; 'put': 0.37; 'could': 0.38; 'domain': 0.38; 'problem.': 0.38; 'but': 0.38; 'academic': 0.38; 'subject:: ': 0.38; 'received:209': 0.39; 'attempt': 0.39; 'under': 0.40; 'really': 0.40; 'more': 0.60; 'your': 0.60; 'levels': 0.63; 'secure': 0.63; 'took': 0.63; 'certified': 0.63; 'devices': 0.63; 'play': 0.64; 'world.': 0.65; 'designed': 0.65; 'believe': 0.66; 'high': 0.67; 'care': 0.72; 'verification': 0.76; 'assurance': 0.77; 'confidence': 0.82; 'research,': 0.82; '10:21': 0.84; 'bounded': 0.84; 'complexity.': 0.84; "doesn't,": 0.84; 'mifare': 0.84; 'significant.': 0.84; 'received:209.85.218.46': 0.91; 'received:mail-yi0-f46.google.com': 0.91; 'securing': 0.91; 'standards.': 0.91; 'story,': 0.91; 'absolutely': 0.98 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type :content-transfer-encoding; bh=tQbMHO1YpJvcXUwLXfzNOSHmjGRI8qI/1YwPniuYUJg=; b=acIUwovcDSD+++Eo0kBrZ0uq2F/qFphdzTsZLY6y8KdLXLWpnF48O755P3VARCAkc0 UJHp7dw4EathEgLfr6pBosyYh9KlDtuGr3rQXhoEBObFhDSMRbwXinAQYlyKhKeuXr1p umhVUpDimF9TAyosKKH081L+JaEEBqqkxmxUo= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; b=MD9eGhKbdkyWSEpjknxvVuYwTsdhMaDS5xevpolzhCb4AVUH1xtkppfinN0XtsmHIw gF7ZyKeBK8tGUt/Oxh6su+xiVwmLBExIESPy7c8k36pfu4GsMgdZ1negzzZKqb8a7llO EUEhc7x79m8SNX0/nJGW5xAlTTXCKV+T4eed8= MIME-Version: 1.0 In-Reply-To: <4vlea8-55t.ln1@svn.schaathun.net> References: <4DD08620.4030507@tysdomain.com> <5h9ca8-ekq.ln1@svn.schaathun.net> <1skda8-3as.ln1@svn.schaathun.net> <4vlea8-55t.ln1@svn.schaathun.net> Date: Thu, 19 May 2011 10:23:47 -0700 Subject: Re: obviscating python code for distribution From: geremy condra To: Hans Georg Schaathun Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Cc: python-list@python.org X-BeenThere: python-list@python.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: General discussion list for the Python programming language List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Newsgroups: comp.lang.python Message-ID: Lines: 74 NNTP-Posting-Host: 82.94.164.166 X-Trace: 1305825830 news.xs4all.nl 49048 [::ffff:82.94.164.166]:49306 X-Complaints-To: abuse@xs4all.nl Xref: x330-a1.tempe.blueboxinc.net comp.lang.python:5779 On Wed, May 18, 2011 at 10:21 PM, Hans Georg Schaathun w= rote: > On Wed, 18 May 2011 14:34:46 -0700, geremy condra > =A0 wrote: > : =A0Systems can be designed that are absolutely secure under reasonable > : =A0assumptions. The fact that it has assumptions does not make your > : =A0statement true. > : (...) > : =A0I can't tell if you're trying to play word games with the distinctio= n > : =A0between "system" and "module" or if you're just saying that you aren= 't > : =A0sure what FIPS actually certifies. Could you please clarify? > > The distinction between system and module is rather significant. > If you only consider modules, you have bounded your problem and > drastically limited the complexity. Ah, the 'word games' option. I'm not going to spend a lot of time arguing this one: HSMs are clearly the domain of systems research, are referred to in both technical and nontechnical documents as 'keystone systems', and the FIPS standard under which they are certified specifically calls them systems more times than I care to count. They are, to the people who make and use them, systems, and your attempt at redefinition won't change that. > : =A0Are you talking about the Mayfair classical cipher here? > > I am talking about the system used in public transport cards like > Oyster and Octopus. =A0I am not sure how classical it is, or whether > mayfair/mayfare referred to the system or just a cipher. =A0Any way, > it was broken, and it took years. Ah, MIFARE. That's a different story, and no, I don't believe they would have been broken sooner if the specs were released. The importance (and difficulty) of securing devices like smartcards wasn't really recognized until much later, and certainly people with a foot in both worlds were very rare for a long time. Also remember that DES (with its 56-bit keys) was recertified just a few months before MIFARE (with its 48-bit keys) was first released- it was a different world. > : =A0The entire field of formal modeling and verification has grown aroun= d > : =A0solving this problem. My new favorite in the field is "formal models > : =A0and techniques for analyzing security protocols", but there are othe= r > : =A0works discussing OS kernel verification (which has gotten a lot of > : =A0attention lately) and tons of academic literature. Google (scholar) = is > : =A0the place to go. > > Sure, but now you are considering modules, rather than systems again. > It is when these reliable components are put together to form systems > that people fail (empirically). Let me get this straight: your argument is that operating *systems* aren't systems? > : =A0If you can't say with confidence that something meets minimum securi= ty > : =A0standards, the answer is not to try to say it meets high security > : =A0standards. > > So what? =A0The levels of assurance have nothing to do with standards. > The levels of assurance refer to the /confidence/ you can have that > the standards are met. The increasing levels of assurance don't just signify that you've checked for problems- it certifies that you don't have them, at least insofar as that level of testing is able to find. Insisting that this doesn't, or shouldn't, translate into tighter security doesn't make much sense. Geremy Condra