Internal security of Rev?
John Tregea
john at debraneys.com
Wed Jul 12 04:29:28 EDT 2006
Thanks Richard... (and Brian) (and everyone else)
Richard Gaskin wrote:
> Brian Yennie wrote:
>
>> Although probably at least non-trivial, Chipp is probably on to
>> something here. I don't think Rev script encryption is intended for
>> the highest possible security.
>
> Absolutely. All code in all languages always leave their algorithms
> exposed to anyone with a low-level debugger/disassembler. Code is not
> the place to store secure information.
>
> Code in Rev is encrypted with a DES equivalent; more than most "script
> kiddies" can break, but often little more than a weekend's work for
> someone who knows what she's doing.
>
> When a stack is encrypted, properties are also made unreadable in the
> disk file via the same DES-derived algo. But since those properties
> must be usable at runtime, anyone with a copy of Rev can simply open
> and read properties.
>
> Security is best handled with encrypting the data itself. Rev now
> supports Blowfish and others, which can be made to exceed legal limits
> if needed, certainly sufficient for most industrial, medical, or
> government applications.
>
> I haven't had a need for strong security in my apps as yet, so I'm
> confident others here can provide better details on the specifics (Dar
> -- where are you? <g>). But given the range of industrial-strength
> encryption options Rev now supports, I see no reason why anything made
> with Rev would be any less secure than anything made with any other tool.
>
More information about the use-livecode
mailing list