[144478] in cryptography@c2.net mail archive
Re: consulting question....
daemon@ATHENA.MIT.EDU (James Muir)
Wed May 27 08:42:21 2009
Date: Tue, 26 May 2009 23:00:59 -0400
From: James Muir <muir.james.a@gmail.com>
To: Cryptography <cryptography@metzdowd.com>
In-Reply-To: <1243370269.16774.51.camel@janus.pagansexcult.org>
Ray Dillinger wrote:
> Does anyone feel that I have said anything untrue?
>
> Can anyone point me at good information uses I can use to help prove
> the case to a bunch of skeptics who are considering throwing away
> their hard-earned money on a scheme that, in light of security
> experience, seems foolish?
Security is relative -- you need to evaluate it against a threat model
and consider what goals you are trying to achieve. A software solution
may succeed in deterring attackers from developing a way to strip the
DRM from a $0.99 mp3; if the mp3 only costs $0.99, then maybe it isn't
worth the trouble of reverse engineering the software.
There is some academic work on how to protect crypto in software from
reverse engineering. Look up "white-box cryptography".
Disclosure: the company I work for does white-box crypto.
-James