Internal security of Rev?

[John Tregea]

Thanks Richard... (and Brian) (and everyone else)

Richard Gaskin wrote:
> Brian Yennie wrote:
>
>> Although probably at least non-trivial, Chipp is probably on to 
>> something here. I don't think Rev script encryption is intended for 
>> the highest possible security.
>
> Absolutely.  All code in all languages always leave their algorithms 
> exposed to anyone with a low-level debugger/disassembler.  Code is not 
> the place to store secure information.
>
> Code in Rev is encrypted with a DES equivalent; more than most "script 
> kiddies" can break, but often little more than a weekend's work for 
> someone who knows what she's doing.
>
> When a stack is encrypted, properties are also made unreadable in the 
> disk file via the same DES-derived algo.  But since those properties 
> must be usable at runtime, anyone with a copy of Rev can simply open 
> and read properties.
>
> Security is best handled with encrypting the data itself.  Rev now 
> supports Blowfish and others, which can be made to exceed legal limits 
> if needed, certainly sufficient for most industrial, medical, or 
> government applications.
>
> I haven't had a need for strong security in my apps as yet, so I'm 
> confident others here can provide better details on the specifics (Dar 
> -- where are you? <g>).  But given the range of industrial-strength 
> encryption options Rev now supports, I see no reason why anything made 
> with Rev would be any less secure than anything made with any other tool.
>