Securing/hiding routines
3 posts in topic
Flat View  Flat View
TOPIC ACTIONS:
 

Posted By:   Bryan_Jones
Posted On:   Monday, December 16, 2002 04:30 AM

Hi,

I'm quite a novice Java programmer and would like to know how I can secure an encryption algorithm from prying eyes.

i.e. I have an encryption algorithm that does not rely on any strong security (this is for an existing line of products and, as a result, cannot be changed). I wish to distribute a class/JAR with the encrypt/decrypt code in it and I would rather not have someone reverse engineering it.

Is there an easy way of protecting this?

Regards,
Bryan

Re: Securing/hiding routines

Posted By:   Trejkaz_Xaoza  
Posted On:   Tuesday, December 17, 2002 05:09 AM

You could go a bit further and encrypt the code itself with a heavier encryption. I recall one program on the market which uses this approach, and uses a custom classloader to decrypt the bytecode at runtime using a 'license file' (which is really just a per-user private key.)

Of course, if it's to be a public applet, and you make it 'good enough' that people want to get at it, then people *will* eventually get at it, because you would have to give everyone the same key for this approach to work.

Cheers. ^_^

Re: Securing/hiding routines

Posted By:   Lasse_Koskela  
Posted On:   Monday, December 16, 2002 10:36 AM

Unfortunately you can always reverse engineer compiled Java code into source code. Although the variable names are something like a, a1, a2, and so on, it's still (relatively) easy to figure out the algorithm.

Re: Securing/hiding routines

Posted By:   Benoit_Quintin  
Posted On:   Monday, December 16, 2002 10:27 AM

Well, fastest way I know is through a code obfuscator, but it's not 100% proof...Just Google it, and see what the results bring!!
About | Sitemap | Contact