On Feb 24, 2010, at 5:27 PM, Graham Lee wrote: > On 24 Feb 2010, at 22:57, Michael A. Crawford wrote: >> Part of your response suggests that if there was an existing framework that >> was openly available, it wouldn't do me any good because the bad guys would >> have the source code. > > I disagree. If it's based on a tried and tested (and occasionally formally > verified) crypto system, knowing the algorithm doesn't lead to a crack. > Weaknesses would come through bugs in the framework (or incorrect application > of it), and the more people who can see the source the greater chance there > is that good people as well as bad can find the issues. Good people fix 'em.
Except in the standalone piracy-prevention case, the algorithm is already known to be broken. Formally, the attacker already has in hand all of the information they need: they have the executable and all of the data accessed by the executable. The only information the attacker lacks is the algorithm. Once they know the algorithm, they know how to rewrite your executable to bypass the protection system. The only solutions to that are (1) hide information from the attacker in a place they cannot see, like a server you control or a piece of tamper-proof "trusted" hardware, or (2) obfuscate the algorithm and the executable and hope the attacker gives up before solving the puzzle. -- Greg Parker gpar...@apple.com Runtime Wrangler _______________________________________________ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
