PDA

View Full Version : 'encryption' in RadioIO plugin



Lars Kellogg-Stedman
2004-10-01, 19:46
Just because I'm curious...what's this for?

sub decrypt {
my $str = shift;

$str =~ tr/a-zA-Z/n-za-mN-ZA-M/;
$str =~ tr/0-9/5-90-4/;

return $str;
}

sub getHTTPURL {
my $key = shift;
my $port = $stations{$key};
my $url = "http://" . decrypt("enqvbvb.fp.yyajq.arg") . ":" .
decrypt($port) . "/" . decrypt("yvfgra.cyf");
return $url;
}

The decrypt() function appears to be completely pointless, since it's
only being used to "decrypt" strings that are hardcoded into the plugin
source. What exactly are we trying to avoid?

Thanks,

-- Lars

dean
2004-10-01, 19:54
We're trying to avoid trivial grabbing of the URL from plaintext, as
requested by our friends at RadioIO.

Nobody believes that this is in any way secure, but does take some
effort to extract it.

-dean


On Oct 1, 2004, at 7:46 PM, Lars Kellogg-Stedman wrote:

> Just because I'm curious...what's this for?
>
> sub decrypt {
> my $str = shift;
>
> $str =~ tr/a-zA-Z/n-za-mN-ZA-M/;
> $str =~ tr/0-9/5-90-4/;
>
> return $str;
> }
>
> sub getHTTPURL {
> my $key = shift;
> my $port = $stations{$key};
> my $url = "http://" . decrypt("enqvbvb.fp.yyajq.arg") . ":" .
> decrypt($port) . "/" . decrypt("yvfgra.cyf");
> return $url;
> }
>
> The decrypt() function appears to be completely pointless, since it's
> only being used to "decrypt" strings that are hardcoded into the plugin
> source. What exactly are we trying to avoid?
>
> Thanks,
>
> -- Lars
>
>

kdf
2004-10-01, 19:59
Hats off to RadioIO for at least being open enough to make their content
available to an open source project. Here's hoping they wont ever come to
regret that decison :)
-kdf

Quoting dean blackketter <dean (AT) slimdevices (DOT) com>:

> We're trying to avoid trivial grabbing of the URL from plaintext, as
> requested by our friends at RadioIO.
>
> Nobody believes that this is in any way secure, but does take some
> effort to extract it.
>
> -dean
>
>
> On Oct 1, 2004, at 7:46 PM, Lars Kellogg-Stedman wrote:
>
> > Just because I'm curious...what's this for?
> >
> > sub decrypt {
> > my $str = shift;
> >
> > $str =~ tr/a-zA-Z/n-za-mN-ZA-M/;
> > $str =~ tr/0-9/5-90-4/;
> >
> > return $str;
> > }
> >
> > sub getHTTPURL {
> > my $key = shift;
> > my $port = $stations{$key};
> > my $url = "http://" . decrypt("enqvbvb.fp.yyajq.arg") . ":" .
> > decrypt($port) . "/" . decrypt("yvfgra.cyf");
> > return $url;
> > }
> >
> > The decrypt() function appears to be completely pointless, since it's
> > only being used to "decrypt" strings that are hardcoded into the plugin
> > source. What exactly are we trying to avoid?
> >
> > Thanks,
> >
> > -- Lars
> >
> >

Lars Kellogg-Stedman
2004-10-01, 20:08
In article <1096685983.415e199f3570e (AT) callisto (DOT) deane-freeman.com>,
kdf <slim-mail (AT) deane-freeman (DOT) com>
wrote:

> Hats off to RadioIO for at least being open enough to make their content
> available to an open source project.

So the magic URL in the RadioIO plugin gives the SlimServer access to
content that would otherwise not be available for free? That's very
nice of them, if a little optimistic :).

-- Lars