- Why I can't split a static library? - 5 Updates
| scott@slp53.sl.home (Scott Lurndal): Oct 29 12:12AM > __attribute__((always_inline)) >pretty much everywhere. Then I intend to use every form of optimisation there is, both at compile time and at link time. >The level of security is 'airport'. I can't tell you exactly what I'm doing, but suffice to say I'm trying to secure something that could fall into the wrong hands. If you're (1) talking about it here, and (2) taking advice from the internet you are in way over your head. |
| Frederick Gotham <cauldwell.thomas@gmail.com>: Oct 29 03:26AM -0700 On Tuesday, October 29, 2019 at 12:12:41 AM UTC, Scott Lurndal wrote: > If you're (1) talking about it here, and (2) taking advice from the internet > you are in way over your head. I'd agree with you if I didn't know already how a good skilled hacker will go about trying to figure out what my program does. |
| David Brown <david.brown@hesbynett.no>: Oct 29 01:59PM +0100 On 29/10/2019 11:26, Frederick Gotham wrote: >> internet you are in way over your head. > I'd agree with you if I didn't know already how a good skilled hacker > will go about trying to figure out what my program does. If you are working on code which may be targeted by groups with significant financial or political motivation, significant resources, and insignificant moral scruples, then Scott is right - you show that you are /way/ over your head by posting about it. Such groups will have no problem tracing you, whether your name is Frederick Gotham or Thomas Cauldwell, and will have no problem persuading you to reveal the secrets of your code. They don't need to de-compile it - there are faster, cheaper and more reliable methods when the know who wrote it. And if your code is not going to be targeted by such resourceful groups, then your obfuscation is a waste of time, and more likely to introduce errors in your code than help protect it. For security, you keep the /key/ secret - not the code or the design of the lock. You make it secure enough that the cheapest way to break the coding is by burglary - then you stop well before the cheapest method becomes rubber hose cryptoanalysis. And you certainly don't advertise what you are doing - that significantly reduces the cost of the rubber hose cryptoanalysis. |
| "Öö Tiib" <ootiib@hot.ee>: Oct 29 07:38AM -0700 On Tuesday, 29 October 2019 15:00:07 UTC+2, David Brown wrote: > Cauldwell, and will have no problem persuading you to reveal the secrets > of your code. They don't need to de-compile it - there are faster, > cheaper and more reliable methods when the know who wrote it. It seems that you guys take yet another attempt of this author of doing something that he claims isn't trolling too seriously. He did likely read from somewhere that the security experts have rejected this approach as far back as 1851 as illusionary. For example there: <https://en.wikipedia.org/wiki/Security_through_obscurity> So he pretends implementing it and then read replies for "lulz" or "keks" (or what those being deliberately grotesque say about it). |
| Frederick Gotham <cauldwell.thomas@gmail.com>: Oct 29 09:25AM -0700 On Tuesday, October 29, 2019 at 2:38:36 PM UTC, Öö Tiib wrote: > <https://en.wikipedia.org/wiki/Security_through_obscurity> > So he pretends implementing it and then read replies for "lulz" or > "keks" (or what those being deliberately grotesque say about it). You still don't know what I'm doing. Because I haven't told you. |
| You received this digest because you're subscribed to updates for this group. You can change your settings on the group membership page. To unsubscribe from this group and stop receiving emails from it send an email to comp.lang.c+++unsubscribe@googlegroups.com. |
No comments:
Post a Comment