obviscating python code for distribution

[Hans Georg Schaathun]

On 19 May 2011 08:47:28 GMT, Steven D'Aprano
  <steve+comp.lang.python at pearwood.info> wrote:
:  The real barrier to cracking Oyster cards is not that the source code is 
:  unavailable, but that the intersection of the set of those who know how
:  to break encryption, and the set of those who want to break Oyster cards, 
:  is relatively small. I don't know how long it took to break the encryption, 
:  but I'd guess that it was probably a few days of effort by somebody 
:  skilled in the art.
: 
:  http://www.usenix.org/events/sec08/tech/full_papers/nohl/nohl_html/index.html

In that paper, more than one art seem to have been applied.  An open 
design would have eliminated the need for image analysis and reduced
the requirement on hardware/electronics skills.  Hence, the obfuscation
has made that intersection you talk about smaller, and increased the
cost of mounting the attack.  As the system was broken anyway, it is
hardly a victory for obfuscation, but that's beside the point.

The work of that paper is almost certainly more than just «a few
days of effort».  There are simply to many technical issues to tackle,
and they must be tackled one by one.  The cost of mounting the attack
is to figure out what it takes to do it, before spend the resources
barking up the wrong tree.  For each successful attack, there probably
is a number of failed ones.

Thanks for the reference.

BTW.  That's not the only attack on MIFARE.  I cannot remember the
details of the other.

-- 
:-- Hans Georg