obviscating python code for distribution

[Steven D'Aprano]

On Thu, 19 May 2011 06:21:08 +0100, Hans Georg Schaathun wrote:

> :  Are you talking about the Mayfair classical cipher here?
> 
> I am talking about the system used in public transport cards like Oyster
> and Octopus.  I am not sure how classical it is, or whether
> mayfair/mayfare referred to the system or just a cipher.  


I think Geremy is talking about the Playfair cipher:

http://en.wikipedia.org/wiki/Playfair_cipher


> Any way, it was broken, and it took years.

You don't know that. All you know is that it took years for people to 
realise that it had been broken, when a security researcher publicly 
announced the MIFARE cipher had been broken. If criminals had broken the 
cipher, they would have had no incentive to publicize the fact, and the 
companies running Oyster and similar ticketing schemes would have no 
incentive to admit they were broken. Far from it: all the incentives are 
against disclosure.

So it's possible that Oyster cards have been counterfeited for years 
without anyone but the counterfitters, and possibly the Oyster card 
people themselves, knowing.

The real barrier to cracking Oyster cards is not that the source code is 
unavailable, but that the intersection of the set of those who know how
to break encryption, and the set of those who want to break Oyster cards, 
is relatively small. I don't know how long it took to break the encryption, 
but I'd guess that it was probably a few days of effort by somebody 
skilled in the art.

http://www.usenix.org/events/sec08/tech/full_papers/nohl/nohl_html/index.html




-- 
Steven