Re: Secure Sofware Key

From: Bryan Feir (bryanat_private)
Date: Wed Sep 04 2002 - 12:16:03 PDT

Next message: Jef Feltman: "RE: Secure Sofware Key"

Previous message: Everhart, Glenn (FUSA): "RE: use of base image / delta image for automated recovery from a ttacks"
In reply to: Glynn Clements: "Re: Secure Sofware Key"
Next in thread: Jef Feltman: "RE: Secure Sofware Key"
Next in thread: Ben Laurie: "Re: Secure Sofware Key"
Reply: Jef Feltman: "RE: Secure Sofware Key"
Reply: Michael McKay: "RE: Secure Sofware Key"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Sep 03, 2002 at 11:55:47PM +0100, Glynn Clements wrote:
> 
> Yannick Gingras wrote:
> > Does it really make it more secure ?
> 
> Yes; software techniques will only get you so far. Actually, the same
> is ultimately true for hardware, but cracking hardware is likely to
> require resources other than just labour.
> 
> Almost (?) anything can be reverse engineered. But it may be possible
> to ensure that doing so is uneconomical.

   It's taken as a given by those who understand computer security that
if you don't control the hardware completely as well as the software,
the software _can_ be broken.  Even that's not always sufficient, as
has been demonstrated by the people who have managed to crack the X-Box.
Anything out in the users' hands can be cracked with sufficient resources.
The trick is making sure that the 'sufficient resources' are higher than
most will be willing to bother with.

> > Look at the DVDs.
> 
> IIRC, CSS was cracked by reverse-engineering a software player; and
> one where the developers forgot to encrypt the decryption key at that.

   True, though that only got one 'player key' by itself.  CSS involved
encrypting the disk with a single 'session key', then storing that session
key on the disk once for each licenced 'player key'.  That way if one
player was broken like happened with the Xing player, later DVDs could be
mastered without using that key, so the broken player would stop being
able to play new DVDs.

   Of course, once one player key was broken, dealing with the rest became
a known plaintext attack, and the rest of the player keys went down like
a row of dominos.

---------------------------+---------------------------------------------------
Bryan Feir           VA3GBF|"The professor holds the keys to the gates of
Work:bryanat_private | knowledge; not to let the student in, but to let
Home:jenoraat_private   | him get out and on to better things." -- Leacock
---------------------------+---------------------------------------------------

Next message: Jef Feltman: "RE: Secure Sofware Key"
Previous message: Everhart, Glenn (FUSA): "RE: use of base image / delta image for automated recovery from a ttacks"
In reply to: Glynn Clements: "Re: Secure Sofware Key"
Next in thread: Jef Feltman: "RE: Secure Sofware Key"
Next in thread: Ben Laurie: "Re: Secure Sofware Key"
Reply: Jef Feltman: "RE: Secure Sofware Key"
Reply: Michael McKay: "RE: Secure Sofware Key"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Sep 04 2002 - 13:07:12 PDT