Ray Dillinger wrote: > Does anyone feel that I have said anything untrue? > > Can anyone point me at good information uses I can use to help prove > the case to a bunch of skeptics who are considering throwing away > their hard-earned money on a scheme that, in light of security > experience, seems foolish?
Security is relative -- you need to evaluate it against a threat model and consider what goals you are trying to achieve. A software solution may succeed in deterring attackers from developing a way to strip the DRM from a $0.99 mp3; if the mp3 only costs $0.99, then may be it isn't worth the trouble of reverse engineering the software. There is some academic work on how to protect crypto in software from reverse engineering. Look-up "white-box cryptography". Disclosure: the company I work for does white-box crypto. -James
Description: OpenPGP digital signature