Recommendation for a Java Obfuscator

Recommendation for a Java Obfuscator

Post by Laura Hein » Fri, 21 Apr 2006 08:20:03


We have a little Java class file to ship to a client - it will be
package in a JAR.

For security reasons the class file has to be prevented from being
decompiled.

Can anyone recommend a free obfuscater? It has to be free as we have
next to zero budget and it will be used extremely infrequently.

When we ship the JAR to the client, will they need to have any info on
the obfuscater?

Thanks for your help.
 
 
 

Recommendation for a Java Obfuscator

Post by Roedy Gree » Fri, 21 Apr 2006 09:52:51

On Wed, 19 Apr 2006 16:20:03 -0700, Laura Heinzmann < XXXX@XXXXX.COM >
wrote, quoted or indirectly quoted someone who said :


for a list of candidates see
http://www.yqcomputer.com/
--
Canadian Mind Products, Roedy Green.
http://www.yqcomputer.com/ Java custom programming, consulting and coaching.

 
 
 

Recommendation for a Java Obfuscator

Post by Boris Gorj » Fri, 21 Apr 2006 17:47:16


That "doesn't compute". I'll tell you why.

You should not rely on an obfuscator for security. Maybe for protection of your
code (IP), but even that is just walking on thin ice. Security should be dealt
with in a different way. You should use cryptosystems for this purpose.
Cryptosystems don't rely on privacy/secrecy of algorithms (that's sometimes
called security through obscurity:
http://www.yqcomputer.com/ ), but rather on
privacy/secrecy of a key (or keys) used.

(Some might argue that keys are a part of an algorithm, but for the sake of this
argument, let's say keys are input for an algorithm.)

Don't get me wrong, though. You don't have to open source your ( super duper ;-)
) code/algorithm. But you shouldn't take it for granted that nobody will ever
figure it out, either.