lua-users home
lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

Hi all,

Lisa Parratt wrote:
Kein-Hong Man wrote:
After reading all the suggestions in the previous e-mails, I don't see why bytecode need to be sent instead of the source code. Lua bytecode doesn't offer any significant size, performance

Others have pointed out the benefits of not invoking the parser.

[In danger of extending this thread for too long and rehashing known knowns... sorry :-)]

I should clarify my above statement; I was mainly responding to Mike Henderson's e-mail on his app and talking about non-embedded apps in general. Of course, some applications will have a valid need to use bytecode. For Mac universal binaries with common binary chunk data, obviously byte-swapping will be needed. With known data sizes, perhaps bswap or lwbrx can even speed things up a bit. But when there is no critical benefit, IMHO the use of bytecode should be a last resort thing. Thus, vanilla Lua should not encourage it.

or security advantage over source code.

I'd have thought encrypted source would be significantly easier to crack than encrypted byte codes.

Answered by Mike Pall. I find that many x86 stripped binary chunks are a bit smaller than the equivalent source code, but the source code is usually more compressible (for x86 binary chunks, floating-point numbers in its binary format somewhat inflates data entropy.) Source code with all the non-essentials stripped out can be quite small. Alternately, many zero-valued bytes can be squeezed out of a binary chunk if one modifies the dump/undump format of 32-bit ints and size_ts.

One might be using encryption for anything from a mild irritation to a reverse-engineering deterrent to rock-solid security. The last should not be susceptible to an attack based on known data patterns. Both Lua source code and Lua binary chunks have known data patterns. Thus, in making encryption strength independent of data patterns, it follows that you end up with a flat playing field -- neither format wins. Besides, when one deems it necessary to seriously encrypt stuff, I think customizing Lua wouldn't be much of a cost issue at all.

Kein-Hong Man (esq.)
Kuala Lumpur, Malaysia