[sword-devel] encryption and integrity checking.
dmsmith at crosswire.org
Wed Mar 11 05:29:43 MST 2009
On Mar 11, 2009, at 5:04 AM, Peter von Kaehne wrote:
> One of the problems which has come up again and again when discussing
> with publishers has been the worry that texts which are released to
> CrossWire become an easy target for abuse - either commercial abuse
> texts of some commercial importance or, more worrying to me at least -
> manipulation of texts by cults and other entities.
> What possible solutions could we offer to provide text encryption and
> integrity checking in a plausible way which would not violate GPL and
> goes beyond our current practice of simply incorporating a key into
> conf files?
> This is a serious and important question. I am aware of several texts
> which we did not get or where people hesitate because this is not
> possible right now.
I've thought about this quite a bit as it has bothered me quite a bit.
It especially bothers me that some so called Christians feel free to
steal and won't honor ownership. I've heard all kinds of
As pointed out in other's replies there are some issues:
The problem of theft has several vectors:
1) Unauthorized sharing. A user exports a module, key and all, and
then passes it along. In BibleTime, keys are not held in the conf.
This is an added safety mechanism.
2) Exporting the module. A user uses mod2imp, diatheke, or some other
program that decrypts and outputs the text to get a copy of the text.
Once there it can be used for any purpose. Unfortunately, the way
things stand today, anything we do can easily be undone. But we should
at least "lock the doors" to get a thief to move on to an easier target.
I've thought about a double key mechanism. The one key would be the
module's key, the other would lock the first. I'm not really up on
security issues, but I could read up.
Other systems, such as e-Sword, are easy to hack their lock. Some use
obscurity rather than encryption to lock their works.
I'm thinking that we should also change the exporters to mark text as
being locked (perhaps tagging every verse with a copyright statement),
limit the number and kind of entries that can be exported at one time,
and perhaps warn "Let the thief no longer steal."
The best solution would be one that a developer cannot undo, e.g.
revert the changes in the code.
3) Screen scraping/Copy&Paste - Ultimately every text that can be
viewed, whose contents can be copied to a clipboard, can be stolen.
The problem of integrity:
I had not thought much about this one before. I have heard that
Jehovah's Witnesses will often take a translation, pervert it to serve
their own beliefs, and then redistribute it. I've also heard that some
others will pervert to subvert it's quality. Having a mechanism to
ensure that the text has not been changed would be a good one for all
I wonder if signing is heavier than necessary? Part of signing that is
not widely appreciated is that unless a signature is validated by a
signing authority, it does not mean much. That is generally, pretty
costly. Perhaps a simple checksum kept in the conf would be sufficient?
More information about the sword-devel