From: John Pettitt <jpp@software.net>
Date: Thu, 21 Dec 95 20:58:29 PST
To: "Beavis B. Thoopit" <andr0id@midwest.net (Jason Rentz)
Subject: Re: ex encrypted script
Message-ID: <199512220457.UAA05102@software.net>
MIME-Version: 1.0
Content-Type: text/plain


At 10:57 PM 12/21/95 -0500, Beavis B. Thoopit wrote:
>> >| Is there a way to encrypt a script yet still allow it to be runnable?  I
>> >| know that the simple answer is to write it in C and compile it but I don't
>> >| have the means of doing that at the moment.  (i.e. there is not
compiler on
>> >| the system)
>> >| 
>> >| I thought of a few simple protections but they all involve decrypting
before
>> >| running.
>> >
>> >	Ever hear of chmod?  chown?
>> >Adam
>> 
>> The vendor also has superuser access..  chmod chown won't protect it.. :(
>
>I once had to obfuscate an awk script.  "Cryptography is Economics."  My
>job was to make it difficult for the enemy to steal the source.  There
>was a license agreement...
>
>The simple answer of "no" is right in the strong sense, but there are
>tricks to make life difficult for the amateur attacker.
>
>My approach was a self-decrypting program.  The "real" script was
>encrypted within the body of the encasing script.  For increased
>obfuscation, decrypt only small pieces at a time.
>
>
There is encrypt and then there is render useless to the reader.

A tale I hear is that when HP had to deliver operating system source to
the french government they stripped all comments and changed all variable
and subroutine names to 32 byte strings of I 1 0 (zero) and O (uppercase O).
It still compiled but was 100% useless to human readers.


--
John Pettitt
email:         jpettitt@well.sf.ca.us (home)
               jpp@software.net       (work)