bytecode obfuscation
Philippe Fremy
phil at freehackers.org
Sun Feb 6 08:19:21 EST 2005
Adam DePrince wrote:
> No amount of obfuscation is going to help you.
Theorically, that's true. Anything obfuscated can be broken, just like
the non obfuscated version. However it takes more skills and time to
break it. And that's the point. By raising the barrier for breaking a
product, you just eliminate a lot of potential crackers.
> The worst case if you depend on obscurity: The bad guys are rounding
> off your pennies as you read this.
That's the worst case, we all know that. A good case is to rely on open
spec and standard. However, obscurity can help if added on top of that.
I remember an article of Fyodor explaining that if you run your internal
apache server on port 1234 (for an enterprise) with all the normal
security turned on, you avoid 80% of the common cracker. You should not
rely on the port number for security but changing it improves it.
Philippe
More information about the Python-list
mailing list