consulting question....

James Muir muir.james.a at gmail.com
Tue May 26 23:00:59 EDT 2009


Ray Dillinger wrote:
> Does anyone feel that I have said anything untrue?
>
> Can anyone point me at good information uses I can use to help prove
> the case to a bunch of skeptics who are considering throwing away
> their hard-earned money on a scheme that, in light of security
> experience, seems foolish?

Security is relative -- you need to evaluate it against a threat model
and consider what goals you are trying to achieve.  A software solution
may succeed in deterring attackers from developing a way to strip the
DRM from a $0.99 mp3; if the mp3 only costs $0.99, then maybe it isn't
worth the trouble of reverse engineering the software.

There is some academic work on how to protect crypto in software from
reverse engineering.  Look up "white-box cryptography".

Disclosure:  the company I work for does white-box crypto.

-James

