Hiding code from intruders, a different slant on an old question
alister
alister.nospam.ware at ntlworld.com
Wed Oct 7 09:05:07 EDT 2015
On Wed, 07 Oct 2015 10:38:37 +0100, cl wrote:
> I know questions similar to this are often asked but my reasons for
> wanting to do this (and thus ways it can be done) are slightly
> different.
>
> I have a number of little utility scripts (python and others) which I
> use to automate the process of decrypting and displaying things like
> files containing passwords.
>
> The encryption I use is reasonably secure anyway but I'd like to hide
> the programs/methods I use so that:-
>
> 1 - The encrypted files are not identifiable as encrypted data (the file
> command just returns 'data' so they can't be identified by that). If
> there's a script in my ~/bin directory that relates directly to the
> files it's obvious they're encrypted.
>
> 2 - The method used for encryption isn't obvious, again an obvious
> script will show the program I have used.
>
>
> I *could* write a C program which just exec()'s the required programs,
> if they're done separately this would be fairly well hidden but I was
> wondering if there's anything more obvious I can do that enables me to
> do things easily in Python.
>
>
> This is for protecting against any possible intruder who has gained
> access to my system by breaking an ssh password or stealing my laptop
> for example. It's *not* for hiding code that I'm giving to others,
> I'd be quite happy to give the code in question to people who might want
> to use it.
The general rule with all forms of encryption is that the method is not
secret. it is the key that needs to be kept secret.
in the same way that the mechanical principles of the lock on your front
door are public knowledge, the profile of the key itself (which is needed
to unlock the door) is unknown.
Example:
With a simple Cesar the method is "shift the alphabet by 'X' characters
and X is the key
if the key is unknown then the attacker still has to brute force the
method (admittedly with only 25 options this is not difficult)
--
Down with categorical imperative!
More information about the Python-list
mailing list