Re: Encrypted software backups?

From: Paul Rubin (//phr.cx_at_NOSPAM.invalid)
Date: 10/09/03

• Next message: David A. Scott: "David Wagner where are you?"
• Previous message: Nudge: "Re: Evaluation of MegaSnakeOil by "expert""
• In reply to: TC: "Encrypted software backups?"
• Next in thread: Mxsmanic: "Re: Encrypted software backups?"
• Reply: Mxsmanic: "Re: Encrypted software backups?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: 09 Oct 2003 11:03:09 -0700

"TC" <a@b.c.d> writes:
> I'm increasingly worried about losing the sourcecode! This would be a
> disaster for me, legally & otherwise. So I have taken various copies, &
> strewn them around the place (home, car, friends etc.). This seems fairly
> amateurish, and I would like to do it better.

That's silly. Rent a safe deposit box in a bank and put a copy there.
Also, rent some disk space on a geographically remote server and push
an encrypted copy of your code to the server every so often. Encrypt
it with an existing program like PGP, not something you've concocted
yourself.

> So it occured to me, why not put an encrypted copy of the whole sourcecode,
> on each distribution CD? It is only a few extra Mb, so space is not an
> issue. Then, every person who I sold it to, would become another source of
> backup! There would be no way for me to lose the software, unless I forgot
> the decryption key - which could be placed in escrow, or whatever.

If you have some way to escrow the decryption key, you can do the same
with the source code.

Another way is to simply release the source code to your clients under
an NDA. That provides them with much more value and is likely to be
good for your business. Most people who keep source code secret
overestimate the value of doing that.
>
> I'm thinking of using RC4 with a fixed key (say 64 bits, whatever). ..

That algorithm is fine for your purpose, but deploying it (or anything
else with cryptography) requires knowing what you're doing in order to
avoid making dumb errors having nothing to do with the key length.
For your purpose you're better off using conventional means to back up
your code.

If you really want to encrypt your code like that, use PGP or GnuPG.
Don't roll your own crypto.

---

• Next message: David A. Scott: "David Wagner where are you?"
• Previous message: Nudge: "Re: Evaluation of MegaSnakeOil by "expert""
• In reply to: TC: "Encrypted software backups?"
• Next in thread: Mxsmanic: "Re: Encrypted software backups?"
• Reply: Mxsmanic: "Re: Encrypted software backups?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: perl source code encryption ... I want to encrypt my perl source code. ... So how to encrypt all perl codes includes the modules. ... If all you are trying to do is add a hurdle for them to jump take a ... (perl.beginners) Re: OT| U.S. democracy in peril ... >All commercial programs have provisions to be encrypted so as to ... >method used to encrypt the Diebold machines was a method called ... Moreover, because the KEY was IN the source code, ... >all Diebold machines would respond to the same key. ... (sci.space.policy) Re: Locking code in VB 6.0 ... If you mean the source code, there's nothing to keep people from looking at ... it unless you encrypt it. ... Use Winzip. ... strength" encryption and password protection. ... (microsoft.public.vb.general.discussion) Re: how to hide source code ... If you truly encrypt, you'd have to have something on the client to decrypt. ... to understand your source code. ... (microsoft.public.frontpage.programming) Re: Cryptography text book - advice sought... ... Source Code in C: Protocols, Algorithms and Source Code in C" by Bruce ... implementing a domain-specific "provably secure" (as far as that is ... Innovative Cryptography ... (sci.crypt)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(14)