Oliver Welter wrote: > We made a concept for a secure media player and now try to attack it - > the openssl related question is: > > We use openssl to en/decrypt data with 3des - is it possible to retrieve > the used key while running a de/encryption via a memory debugger or > something similar ? Are there any preventions against such attacks or > has noone ever thought about such an attack ?
After the decryption you end up with a unprotected audio/video stream, correct? Now why should the "attacker" spend time with finding the key hidden somewhere in the process memory when he can probably more easily capture the decrypted data that you serve him almost right on his table? But as long as he has access to the player process' memory you lost anyway. The only question now is which way to choose to get the unprotected data :-) Just my 2 cents... Michal Ludvig ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
