encrypting python modules

Mike Meyer mwm-keyword-python.b4bdba at mired.org
Fri Jan 11 18:21:45 EST 2008


On Sat, 12 Jan 2008 09:47:26 +1100 Ben Finney <bignose+hates-spam at benfinney.id.au> wrote:

> Paul Sijben <paul.sijben at xs4all.nl> writes:
> > I know that I can not stop a dedicated hacker deconstructing my code.
> A direct consequence of this is that you can not stop *anyone* from
> deconstructing your code if it's in their possession. It takes only
> one dedicated, skilled person to crack your obfuscation system and
> distribute an automated process for doing so to anyone interested.

Except that's not what he's trying to do.

> > However I can not imagine that I would be the first one planning to
> > do this. So is there a solution like this available somewhere?
> Trying to make bits uncopyable and unmodifiable is like trying to make
> water not wet.

And again, that's not what he's trying to do. He wants to arrange
things so that he doesn't have to support unmodified versions of his
code, by making it impossible to import modified modules. While that's
still impossible, once you decide how difficult you want to make it
for people to do that, you can *probably* make it that difficult - but
the process gets progressively more difficult and expensive as you
make it harder.

I think he's contemplating only the simplest, least expensive step:
adding an import hook that only allows imports of digitally signed
modules. If planning to deploy on Windows, where he has to bundle a
python with his application, he may well implement the hook in the
interpreter instead of in python, so it's harder to find.

If you wanted to go to the expense, you could probably arrange things
so that the digital signatures are the more vulnerable attack vectors,
but I'd expect to spend millions of dollars doing so.

       <mike
-- 
Mike Meyer <mwm at mired.org>		http://www.mired.org/consulting.html
Independent Network/Unix/Perforce consultant, email for more information.
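
The import hook described in the message above, sketched as an added example (not part of the original post or any poster's code): a meta path finder and loader that refuse to import a top-level module unless a detached tag in a hypothetical `<module>.py.sig` file verifies. The standard library has no public-key signatures, so HMAC-SHA256 with a constructed key stands in for the signature check; `KEY`, `sign`, `SignedLoader`, `SignedFinder` and `demo` are names chosen for illustration.

```python
import hashlib, hmac, importlib.abc, importlib.machinery, importlib.util
import sys, tempfile
from pathlib import Path

KEY = b"constructed-demo-key"  # assumption: placeholder, not real key material

def sign(source: bytes) -> bytes:
    # HMAC-SHA256 stands in for a public-key signature (none in the stdlib).
    return hmac.new(KEY, source, hashlib.sha256).hexdigest().encode()

class SignedLoader(importlib.machinery.SourceFileLoader):
    """Compile a module only if the detached tag in <file>.sig verifies."""
    def get_code(self, fullname):
        path = self.get_filename(fullname)
        source = self.get_data(path)
        sig = Path(path + ".sig")
        tag = sig.read_bytes().strip() if sig.is_file() else b""
        if not hmac.compare_digest(tag, sign(source)):
            raise ImportError(f"{fullname}: bad or missing signature")
        # Compile the bytes just verified; cached .pyc files are unsigned.
        return compile(source, path, "exec", dont_inherit=True)

class SignedFinder(importlib.abc.MetaPathFinder):
    """Route top-level modules found in `root` through SignedLoader."""
    def __init__(self, root):
        self.root = Path(root)
    def find_spec(self, fullname, path=None, target=None):
        file = str(self.root / (fullname + ".py"))
        if not Path(file).is_file():
            return None
        return importlib.util.spec_from_file_location(
            fullname, file, loader=SignedLoader(fullname, file))

def demo():  # import a signed module, edit it, then import it again
    src = Path(tempfile.mkdtemp()) / "signed_mod.py"  # constructed sample
    src.write_bytes(b"VALUE = 42\n")
    Path(str(src) + ".sig").write_bytes(sign(src.read_bytes()))
    sys.meta_path.insert(0, finder := SignedFinder(src.parent))
    try:
        value = importlib.import_module("signed_mod").VALUE
        del sys.modules["signed_mod"]
        src.write_bytes(src.read_bytes() + b"VALUE = 0\n")  # edit after signing
        try:
            importlib.import_module("signed_mod")
            return value, "imported"
        except ImportError as exc:
            return value, str(exc)
    finally:
        sys.meta_path.remove(finder)
```

With a symmetric key the verifier can also produce valid tags, so a shipped application would verify a public-key signature and keep only the public key on the client.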


