<div dir="ltr">That was my suspicion. So then, when you go on the defensive, what do you do? How do you build a system that, even when you can see clearly into it, provides reasonable security? </div><div class="gmail_extra">
<br><br><div class="gmail_quote">On Wed, Aug 28, 2013 at 9:09 AM, Dave Brockman <span dir="ltr"><<a href="mailto:dave@brockmans.com" target="_blank">dave@brockmans.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div class="im">-----BEGIN PGP SIGNED MESSAGE-----<br>
Hash: SHA1<br>
<br>
</div><div class="im">On 8/28/2013 8:49 AM, Benjamin Stewart wrote:<br>
> Interesting read, thanks for posting!<br>
><br>
> Question for the security programmer folks: Are there code<br>
> obfuscation techniques, for Python or other languages, that<br>
> actually work against such a determined attacker, or is this<br>
> DropBox client pretty close to "state of the art?"<br>
<br>
</div>Short answer is no.  Given enough time, determination and debugger, at<br>
the very least, whatever assembly code your obfuscated code produces<br>
can be captured.<br>
<div class="im"><br>
> You can't really just say "don't use Python," because C et al. can<br>
> be decompiled, too.<br>
<br>
</div>If it's software, it can be decompiled....<br>
<div class="im"><br>
Regards,<br>
<br>
dtb<br>
-----BEGIN PGP SIGNATURE-----<br>
Version: GnuPG v2.0.17 (MingW32)<br>
Comment: Using GnuPG with Thunderbird - <a href="http://www.enigmail.net/" target="_blank">http://www.enigmail.net/</a><br>
<br>
</div>iQEcBAEBAgAGBQJSHfZ1AAoJEMP+wtEOVbcdWeEH/1IzOSrCIkquTmYrwwz0R3Cx<br>
/Sr1EldScLl550JyK/tZrU1h1Teni6ITmBPCa1pTdfQdqRp061GiXYM5r3A6dwU7<br>
VO8n6LaLc96uLojSzYzKM943Uj8KQJdn3YxUrrQGa49/FTuiKL1yAJYT0wFnJE4L<br>
RBjs4k7wQe+yfnDVd9wPumDRQY0hbfAbDaVvebECsqHYXEfb+5FGDN2V1n7ennJv<br>
Su9wJFI0pUwnWz0utBDUINqOOIh9Fe9H3BIGjDwCpwgG3tO1h+dyDmN124meqMAF<br>
6tDCF12PCjrmA12g6Dv2GEAzLQW98uwK0mWPeAYemSIBmtFYHnv1/D2zfwaeecE=<br>
=js+H<br>
<div class="HOEnZb"><div class="h5">-----END PGP SIGNATURE-----<br>
_______________________________________________<br>
Chugalug mailing list<br>
<a href="mailto:Chugalug@chugalug.org">Chugalug@chugalug.org</a><br>
<a href="http://chugalug.org/cgi-bin/mailman/listinfo/chugalug" target="_blank">http://chugalug.org/cgi-bin/mailman/listinfo/chugalug</a><br>
</div></div></blockquote></div><br><br clear="all"><div><br></div>-- <br><br><br><br>                              Benjamin Stewart<br><br>                               <o(((><<br>                               ><)))o>
</div>