On Feb 24, 2010, at 5:27 PM, Graham Lee wrote:
> I disagree. If it's based on a tried and tested (and occasionally formally verified) crypto system, knowing the algorithm doesn't lead to a crack. Weaknesses would come through bugs in the framework (or incorrect application of it), and the more people who can see the source the greater chance there is that good people as well as bad can find the issues. Good people fix 'em.
This is all completely true … for cryptosystems and actual security code. But as I said, DRM is not real security, not on an open platform. It doesn't matter what kind of fancy algorithms your DRM code uses if the hacker can simply open the app in a hex editor and replace it with NOP instructions. (And no, code signing does not prevent this. The hacker just has to patch out the code that checks the signature.)
In this situation, what counts isn't the strength of the algorithm but how hard it is to find the machine code that implements it. So obscurity wins.
Things are different on a closed platform like the iPhone OS, where you can't mess with code on the device, and where you can't disable the DRM checks because they're in the OS itself. [Yes, modulo jailbreaking the device.]
—Jens