Ray Dillinger wrote:
> Does anyone feel that I have said anything untrue?
>
> Can anyone point me at good information uses I can use to help prove
> the case to a bunch of skeptics who are considering throwing away
> their hard-earned money on a scheme that, in light of security
> experience, seems foolish?

Security is relative -- you need to evaluate it against a threat model
and consider what goals you are trying to achieve.  A software solution
may succeed in deterring attackers from developing a way to strip the
DRM from a $0.99 mp3; if the mp3 only costs $0.99, then may be it isn't
worth the trouble of reverse engineering the software.

There is some academic work on how to protect crypto in software from
reverse engineering.  Look-up "white-box cryptography".

Disclosure:  the company I work for does white-box crypto.

-James


Attachment: signature.asc
Description: OpenPGP digital signature

Reply via email to