PanoTools:
Some info. Was: Re: Re: New version of PTViewer
Fulvio Senore 2005-Jun-15 22:12:37
Yuval Levy ha scritto:
>>I think there's a bit of confusion here, which is my fault.
>>I was asking for the docs on encryption because I already have a
>>Photoshop CS script that creates the .ptv fiels for Fulvio's PTViewer,
>>I was just asking for the docs so I could update my script to include
>>the encryption scheme.
>>
>>After thinking about my request, I realized it was a bad idea to make
>>it public because of the type of security being added.
>>
>>I don't really say more than that.
>>
>>Eric
>>
>>
>
>Oups, sorry, I really did not see a request for the docs on encryption on the message I replied to. I must be blind.
>
>The only thing I can help you with is the old jpa jpb jpc encryption schemes from Helmut's original version.
>
>I haven't heard from Fulvio since he released 2.8beta5. I asked him for documentation and for help to split a pano into .ptv files so that I can use it for testing.
>
>Following your message I went to your site and found PTslicer. Thank you Eric! So at least the splitting problem is solved. Now I will wait for Fulvio's answer, although from the ongoing discussion we are having I am not sure about what level of encryption strength he implemented in 2.8beta5.
>
>Yuv
>
>
I have sent the information to Eric, so he'll be able to update his
photoshop script, and I have answered to Yuval too.
I suppose that this is the right occasion to give some info about the
encryption level. It is not very high, but I suppose that it will be
high enough for most users. Anyway it is reasonably high and it did not
require too much work. For this reason I will not make public the
details about the encryption scheme: a good hacker will still be able to
break it, but at least he will have to work a lot more.
Basically the image is encrypted with the domain name that will serve
it. When ptviewer loads an encrypted image it decrypts it with the
current domain name. If the two domain names are the same the image is
correctly decrypted. If the image is stolen the two domains are
different so the decrypted image is garbage. Since the ptv file does not
contain the encryption key it should not be possible to create a
general-purpose hacked version of ptviewer that will directly show
stolen images. The stealer would need to change the ptv file and this
will require a rather large amount of work.
It is also possible to allow local viewing for the encrypted pano. This
is useful if you develop a site in your local computer and then you
deploy it to the server: You will be able to use the same image. The
downside is that this option makes the encryption weaker, since the ptv
file will contain the encryption key: local viewing will require it. It
could be possible to create a hacked version of ptviewer that will be
able to show any ptv file of this kind, even in the internet.
You will have to trade between ease of use and encryption strenght.
Fulvio Senore
Yahoo! Groups Links
<*> To visit your group on the web, go to:
http://groups.yahoo.com/group/PanoTools/
<*> To unsubscribe from this group, send an email to:
#removed#
<*> Your use of Yahoo! Groups is subject to:
http://docs.yahoo.com/info/terms/