Internal security of Rev?
Richard Gaskin
ambassador at fourthworld.com
Wed Jul 12 00:32:05 EDT 2006
Brian Yennie wrote:
> Although probably at least non-trivial, Chipp is probably on to
> something here. I don't think Rev script encryption is intended for the
> highest possible security.
Absolutely. All code in all languages always leave their algorithms
exposed to anyone with a low-level debugger/disassembler. Code is not
the place to store secure information.
Code in Rev is encrypted with a DES equivalent; more than most "script
kiddies" can break, but often little more than a weekend's work for
someone who knows what she's doing.
When a stack is encrypted, properties are also made unreadable in the
disk file via the same DES-derived algo. But since those properties
must be usable at runtime, anyone with a copy of Rev can simply open and
read properties.
Security is best handled with encrypting the data itself. Rev now
supports Blowfish and others, which can be made to exceed legal limits
if needed, certainly sufficient for most industrial, medical, or
government applications.
I haven't had a need for strong security in my apps as yet, so I'm
confident others here can provide better details on the specifics (Dar
-- where are you? <g>). But given the range of industrial-strength
encryption options Rev now supports, I see no reason why anything made
with Rev would be any less secure than anything made with any other tool.
--
Richard Gaskin
Fourth World Media Corporation
___________________________________________________________
Ambassador at FourthWorld.com http://www.FourthWorld.com
More information about the use-livecode
mailing list