[Python-ideas] I have an encrypted python module format: .pye

Steven D'Aprano steve at pearwood.info
Sun May 13 11:36:52 CEST 2012 

Mike Meyer wrote:
> On Sat, 12 May 2012 13:13:59 -0400
> Brett Cannon <brett at python.org> wrote:
> 
>> On Fri, May 11, 2012 at 6:27 PM, li wang <charlesw123456 at gmail.com> wrote:
>>> I want to use python in my product because I like and familiar with
>>> python for many years, but I won't let the customer to read and modify
>>> my code. So the best way is to encrypt my module .py to .pye.
>> Actually it's better to simply ship the .pyc/.pyo files and/or to minify
>> the code to make it unreadable. As everyone pointed out, the encryption you
>> are proposing won't stop anyone from reading your source, it will just make
>> it a little harder.
> 
> I think it's worth explaining why just shipping the .pyc/.pyo files is
> "better".
> 
> If it's not clear by now, a fancy encryption scheme won't protect your
> sources from someone who really wants to read them. On the other hand,
> shipping just the .pyc/.pyo files will stop casual browsing. The only
> real difference here is how much effort it takes to get the source. To
> carry Guido's analogy further, both lock your front door, one just
> uses a better lock. Neither will stop a determined burglar.

I think Guido's analogy is bogus and wrongly suggests that encrypting 
applications just might work if you try hard enough. If we can lock the door 
and keep strangers from peeking inside, why can't we encrypt apps and stop 
people from peeking at the code? But the analogy doesn't follow. In the front 
door example, untrusted people don't have a key and are forced to pick or 
break the lock to get it. In the encryption example, untrusted people are 
given the key (as an environment variable), then trusted not to use it to read 
the source code!

(Possibly on the assumption that they don't realise they have the key, or that 
using it manually is too difficult for them.)

Ultimately, on a computer the user controls, with a key they have access to, 
they can bypass any encryption or security you install. That's why e.g. so 
many forms of copy protection and digital restrictions software try to take 
control away from the user, to some greater or lesser degree of success.


-- 
Steven

More information about the Python-ideas mailing list