Security bug in ProtectedProductSessionManager>>cipherMethod:with:

Chris Uppal-3
[apologies if this is fixed in the latest patch -- I haven't installed it yet]

I noticed this as I was browsing around.

ProtectedProductSessionManager>>cipherMethod:with: reads:

============
cipherMethod: aCompiledMethod with: aPC1Cipher
 "Private - Encrypts aCompiledMethod using aPC1Cipher"
 | cipheredBytecodes |
 cipheredBytecodes := aCompiledMethod byteCodes collect:[:each | aPC1Cipher reset cipher: each].
 aCompiledMethod byteCodes: cipheredBytecodes.

============

It's resetting the cypher stream after each byte, so it amounts to a (very,
very, slow [*]) transposition cypher, since it'll replace every occurrence of
each byte value with the same "encrypted" version.  I imagine it's intended to
read more like (untested):

============
cipherMethod: aCompiledMethod with: aPC1Cipher
 "Private - Encrypts aCompiledMethod using aPC1Cipher"
 | cipheredBytecodes |
 aPC1Cipher reset.
 cipheredBytecodes := aCompiledMethod byteCodes collect:[:each | aPC1Cipher cipher: each].
 aCompiledMethod byteCodes: cipheredBytecodes.
============

That's still a bit dodgy, since it suffers from the usual problem of encrypting
many, fairly redundant, texts with the same aPC1Cipher.  That shouldn't be too
much of a problem in this case (since getting at the encrypted versions would be
tricky in this context -- embedded as they are in a deployed executable that
won't run), but it's worth mentioning the potential weakness anyway.

    -- chris

*) Around 0.7 secs/KByte on this machine!
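
The two behaviours discussed in the post, as an added Python example that is not part of the original message or of the product's code. `ToyStreamCipher` is a constructed stand-in with the same `reset` / `cipher:` shape, not the PC1 algorithm, and the key and sample "bytecodes" are made up.

```python
# Added illustration; ToyStreamCipher is a constructed stand-in, NOT PC1.
import hashlib

class ToyStreamCipher:
    """Stateful byte cipher with the reset / cipher: shape used in the post."""
    def __init__(self, key: bytes):
        self.key = key
        self.reset()

    def reset(self):
        # Return to the initial state; returns self so calls can be chained
        self.state = hashlib.sha256(self.key).digest()
        return self

    def cipher(self, byte: int) -> int:
        out = byte ^ self.state[0]
        # The state advances after every byte, so position matters
        self.state = hashlib.sha256(self.state + bytes([byte])).digest()
        return out

def encrypt_reset_per_byte(c, data: bytes) -> bytes:
    # Mirrors the original method: `aPC1Cipher reset cipher: each`
    return bytes(c.reset().cipher(b) for b in data)

def encrypt_reset_once(c, data: bytes) -> bytes:
    # Mirrors the proposed fix: reset once, then cipher every byte in turn
    c.reset()
    return bytes(c.cipher(b) for b in data)

def is_fixed_byte_mapping(plain: bytes, enc: bytes) -> bool:
    # True when each plaintext byte value always maps to one ciphertext value
    seen = {}
    return all(seen.setdefault(p, e) == e for p, e in zip(plain, enc))

def common_prefix_len(a: bytes, b: bytes) -> int:
    n = 0
    while n < min(len(a), len(b)) and a[n] == b[n]:
        n += 1
    return n

# Constructed sample "bytecodes": two methods sharing their first 8 bytes
METHOD_A = bytes([17, 112, 17, 160, 17, 112, 17, 160, 106, 17, 112, 105])
METHOD_B = bytes([17, 112, 17, 160, 17, 112, 17, 160, 94, 17, 112, 105])
```

With the per-byte reset the output is a fixed byte-for-byte mapping, so byte frequencies and repeats in the bytecodes survive encryption. With a single reset that mapping disappears, but two methods that begin with the same bytes still encrypt to the same leading bytes, which is the reuse weakness the post mentions.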