Protecting Source Code
Peter Hansen
peter at engcorp.com
Fri May 9 09:06:42 EDT 2003
John Wilson wrote:
>
> There are several solutions. One that I have used is the Dallas
> Semiconductor Crypto iButton (http://www.ibutton.com/ibuttons/java.html).
> The private key is held on the tamper proof token and *never* appears in the
> memory of the computer. The decryption occurs on the iButton and the
> cleartext comes back. The button can be programmed to destroy the private
> key after a set date, it runs its own clock off its own internal battery.
I have experience with such keys. Many customers are very
turned off by them, often to the point of refusing to purchase
software that requires them. This is not a generally applicable
solution, I'm afraid, although there are markets where it is
a good solution.
Note, however, that hackers still find great joy in going into the
software itself and bypassing the calls to such devices, substituting
alternate routines with pre-decoded data, etc. A quick check on
the web will usually reveal a number of cracked versions of programs
that were originally protected with such keys. Not all, but it's
definitely not a guaranteed solution.
-Peter
More information about the Python-list
mailing list