[sword-devel] Cool idea: Commercial Linux /Windows Bible program based on Sword

[Chris Little]

> Perhaps the company could just provide a plug-in component that Sword
> would call to handle encrypted modules. The encrypted modules would
> also be provided by the company and could be included on the Sword CD
> after an agreement was signed. This way Sword itself could remain
> clearly open source and cooperation would be easier.

The problem I see with this is the ability to write exporters.  An example
of this would be the console front end diatheke.  In one command, you can
have it print an entire work, even if it is encrypted.  If Sword remained
open-source and just send calls to a closed-source
dynamically-linked/shared-object library plug-in, anyone could copy the
calls to their own program, make an exporter, and circumvent the protection
entirely.

What we could do is have an open-source front-end that used a
statically-linked, closed-source, and undistributed library.  That way, the
front-end can go on being open-source, but would not be usable for locked
modules unless it was the commercial version linked with the decryption
library.

It would still come down to the security of a single key though.  I suspect
that our security, as it stands, is as strong as any of the commercial
products', despite our being open source.  Without the key, you're going to
have to do a nasty brute force attack on every module you want to crack.
Most of the commercial modules are much less secure, relying instead on
proprietary file formats and lists of texts to reveal/hide from the
front-end rather than actual encryption.

Logos is supposed to have numerous security models to meet a publisher's
needs in their next version.  We could implement something similar, ranging
from simple key unlocks to hard-drive tied unlocks to online-viewing only
unlocks.  It might encourage publishers to increase nasty restrictions on
use, however, so we might do well to pretend this possibility doesn't exist.

--Chris