More on Protecting Source Code

Rolf Kalbermatter rolf.kalbermatter at citeng.com
Tue Sep 17 12:14:55 CEST 2002


> Well, I think of it this way: machine coded binaries are more
> like a 128 bit
> key and Python is more like a 40 bit key. I agree that nothing is
> safe from
> reverse engineering; it's a matter of how much pain and money it takes to
> unscrut the inscrutable. Python could do better - how I'm not
> totally sure.

Personally I feel that getting at the idea of (parts) of a 32 bit PE
executable code in the environments I usually work in is easier for me
than finding out what the Python byte code in a compiled module would
do ;-)

That left beside I really wonder if Python should cater to people feeling
their development is so valuable that everybody wants to steal it in huge
masses and ignore the existing copyright laws. The incidential hacker who
looks at the code and may get a good idea is probably much less dangerous
in terms of profitloss than the average user posting its license key or
whatever in some public forum so that everybody may be installing and
using the software illegal. Obfuscating your code will maybe cause the
hacker a few hours extra work but neverhtless not stop him to find out
eventually what you have done. On the other hand it will not stop the
average user to post his license keys in any way or just copy the pirated
software, but most probably even promote it.

I also believe that the very nature of Python being an Open Source project
doesn't lend itself naturally to usage in a product from someone being kind
of paranoic and overly concerned with obscure protection of his ideas. And
I'm sure that the time spent to try to make Python more obfuscating its byte
code can be spent much more productive in improving Python itself and adding
new features and extensions instead.

The decision in the Python developer community to not spend a lot of efforts
in Python to obfuscate its code may lead to less commercial usage of Python,
that is true. However I wonder if that is a problem at all as it seems to me
that Python has a very active developer and user community already. Enough
anyhow to guarantee that it will be around for many years to come.
If this community decides that the addition of code obfuscation does not
justify the possible gain in usage by commercial entities who are most happy
to profit from the Python efforts but being the paranoids they are, also
quite
likely to not contribute back to Python in some ways, it is their full
right!

>> Anyway, good luck!  If your software is any better than your protection
>> scheme I'll download it from http://www.warez.com when you release it ;)
>
>I'd like it: it would means my software it's worth to crack.

Which again comes down to the point: If it's worthful it will be cracked
anyhow eventually, and otherwise why bother?

Rolf Kalbermatter





More information about the Python-list mailing list