Saving encrypted customProperties outside the app?

[Dar Scott]

On Monday, September 29, 2003, at 10:55 AM, Alex Rice wrote:

> #723 "improved stack encryption capability"

The entry #577, "put stack into variable", might be generalized to 
allow 'save', 'open', and 'start using' to refer to variables.

Perhaps with that encrypted stacks could then be saved in custom 
properties and decrypted before use.  A script that looks forward to 
this might save the stack into a temporary folder and then open or 
start using.

This reduces the problem to an encryption problem.

The biggest part of that is not the method or the speed, but the 
logistics of keeping up with signatures and the like to allow users to 
verify the integrity of the module.  Users will need to depend on the 
integrity of signers and either their experience and dedication to 
managing signed code or the review-ability of the code.  To me, this 
means that initial encryption modules must be in Transcript, but I 
would consider an external.  Another possibility would be external 
programs run by shell for some needs.

We might consider which possible performance enhancements might best 
support encryption.  I think #586 would help in encryption and not just 
for speed reasons.

Variations on Blowfish might work.  (I don't mean variation as in 
fiddling with it, I mean in application and handling ends.)  If the 
situation is OK for using a stream cypher that works just the same as 
the one with the trademarked name RC4, I'd like that.  I have yet to 
figure out how to get a SEAL license from IBM, so that is probably out.

However, for the light needs of most people here, I think we can put 
together a simple stream cypher that can be reviewed easily.  Even 
though it might be weak, it might be better than some because it is 
reviewable.

Dar Scott