Hi all,Which do you prefer for delivering products to 3rd parties? Context files or encrypted SKILL?A few years ago, I have had one customer who cracked the encrypted SKILL fairly easily and was able to view the original source code. However, I do not know what method he used to view the source.Can context files also be bypassed as easily? Have all known holes in the encrypted SKILL methodology been closed?Encrypted SKILL seems to be much easier to maintain, because I don't have to worry about maintaining separate versions for each major version of CADENCE, but I don't want to give away my source code to savvy users.Any advice?Just to be clear, I'm not asking for people to identify the known security holes. I just want to know which method will avoid the most security hazards.Thanks!
Encrypted SKILL (without a password) is easily decoded, and should be seen as just a means of discouraging editing of the files, rather than real protection.If you use a password when encrypting the SKILL, then the usual methods of decoding the encryption no longer work. You do need to know the password to load the file (it's the second argument to the load() function), but knowing the password doesn't help you to decrypt it. That said, the encryption algorithm is not that complex, and so somebody determined enough could decrypt it I'm sure (as opposed to decoding normal encrypted SKILL files which doesn't require any knowledge of the algorithm).Context files are a snapshot of the virtual machine's state - and as such are much harder to decode. You'd need to know the machine language of the SKILL virtual machine and how to convert this back into code. Normally this can be done, but only with a license that is normally restricted for Cadence internal debugging use only.So Context files are the most secure, followed by password protected encrypted files.Regards,Andrew.
Hi there!On the other side of the coin, what happen if the author quit and leave no documentation what so ever about the code. Is there away to de-crypte the SKILL code? I mean, you know there's no way two different engineers can come up with the same code. Any ideas?thanks
There are no public ways of doing this. Whilst Cadence have internal ways of doing it (which are protected by a special license), we don't do this for customers because there's always a risk that the code being decrypted is not owned by the person requesting the decryption.So the simple answer is "no". Make sure that source code is backed up and documented.The same would be true if somebody pgp encrypted some vital bit of data and took the keys with them when they left. Regards,Andrew.