Andy wrote:
> Could you not just tamper with the driver that the software outputs to?
>

yes

> Same effect, works on closed software too so opening your code would
> have caused no loss of security would it now?
>

quite so

> If proprietary software is running on a system controlled by the
> attacker they can see precisely how it operates.

theoretically, but most DRM fanatics still seem to prefer proprietary software

> The fact there are
> people in high positions who believe that running a piece of source
> code through a compiler makes the contents so secure as to make it
> impossible for an attacker to see how the program operates is
> extremely worrying.
>

indeed

> Compiling code does NOT encrypt it. It translates it into another,
> publicly known, language. This is the equivalent to saying if I have
> a private document written in English I can translate it into French
> and give it to the attacker and it will be secure. (it clearly is not
> secure as: 1. the attacker may understand French. 2. The attacker can
> employ someone who understands French. 3. The attacker may buy an
> English-French dictionary).
>
> What makes matters even worse is that the DRM program does not need to
> be understood to be broken. Software itself does not know the time for
> instance, it must ask someone. If that someone is the OS then what
> stops the OS lying and telling DRM.exe that it's always before the
> file expires? Or even better you can modify the binary to not perform
> the checks. Giving the binary to the user is the security threat in
> itself. So if you give them the binary you have an insecure system so
> how can you use "security" as an excuse any more?
>

I never did use security as an excuse or maintain the position you are advocating against.
I merely pointed out that the unbreakability (!) of SSL style encryption isn't relevant to the DRM question, and for precisely the reasons you give above.

Sam

_______________________________________________
Fsfe-uk mailing list
[email protected]
http://lists.gnu.org/mailman/listinfo/fsfe-uk
