PGP source code

Dave Bird dave at xemu.demon.co.uk
Tue, 4 Sep 2001 18:22:48 +0100


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

In article <00ca01c13543$d2601e00$1e01320a@drizzt>, Nexus
<nexus@patrol.i-way.co.uk> writes
>How many licence or
>unlock code routines use tortuous decryption or obfuscation routines only to
>end in a single conditional jump?
>How many hardware "dongles" suffer from the same oversight? Have these
>people never heard of a Logic Analyser or a CRO?

 A more effective dongle is one which contains the decrypt key for the
 executable material being hidden: maybe every 1-second tick of the 
 on-screen time repeats this process and runs a bit of decrypted code.

 The attacker is then put to the work of stealing the dongle contents,
 or stealing the decrypted code while running.  This becomes harder 
 if some less used sections are decrypted when needed, run, and deleted
 (the attacker has to hang in there stealing code until all sections
 have been decrypted and run once, and be able to know this).


 Nothing is infinitely secure, you can only plan an increase in the
 work your attacker is put to.  Everything is vulnerable to HumInt
 attacks on persons with final control of access to data, though
 you can perhaps limit the extent to which lower-level people have this.
 

- -- 
   ^-^-^-@@-^-;-^   http://www.xemu.demon.co.uk/
        (..)__u     news:alt.smoking.mooses

-----BEGIN PGP SIGNATURE-----
Version: PGPsdk version 1.7.1

iQA/AwUBO5UN6H8v/Y5zkfRPEQLOwQCgqEAlK9TuUeWK03XEMa5Sv6sMFCIAn0FK
cMF5RMV/1FoobGr9wG6wjeN+
=Ak84
-----END PGP SIGNATURE-----
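
The scheme described in the message above (decrypt key held in the dongle, sections decrypted when needed, run, and deleted), as an added sketch that is not part of the original post. `Dongle`, `seal`, `run_section` and the HMAC-SHA256 keystream are assumptions standing in for a hardware token and a real cipher; the key and the sample section are constructed.

```python
import hashlib
import hmac

def _keystream(key: bytes, name: bytes, n: int) -> bytes:
    # Toy stream cipher (assumption): HMAC-SHA256 in counter mode, per-section label.
    out = b""
    for ctr in range((n + 31) // 32):
        out += hmac.new(key, b"enc" + name + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
    return out[:n]

def _tag(key: bytes, name: bytes, body: bytes) -> bytes:
    return hmac.new(key, b"mac" + name + body, hashlib.sha256).digest()

def seal(key: bytes, name: bytes, code: bytes) -> bytes:
    """Vendor side, at build time: encrypt one section and prepend an integrity tag."""
    body = bytes(a ^ b for a, b in zip(code, _keystream(key, name, len(code))))
    return _tag(key, name, body) + body

class Dongle:
    """Stand-in for the hardware token; the program never holds the key itself."""
    def __init__(self, key: bytes):
        self._key = key

    def unseal(self, name: bytes, blob: bytes) -> bytearray:
        tag, body = blob[:32], blob[32:]
        # Skipping this check gains nothing: a wrong key only yields garbage bytes.
        if not hmac.compare_digest(tag, _tag(self._key, name, body)):
            raise ValueError("wrong dongle key or modified section")
        return bytearray(a ^ b for a, b in zip(body, _keystream(self._key, name, len(body))))

def run_section(dongle: Dongle, name: bytes, blob: bytes, *args):
    """Decrypt one section when needed, run it, then delete the plaintext copy."""
    plain = dongle.unseal(name, blob)
    try:
        scope = {}
        exec(bytes(plain).decode(), scope)   # plaintext exists only for this call
        return scope["entry"](*args)
    finally:
        plain[:] = bytes(len(plain))         # best-effort wipe; Python may hold other copies

# Constructed sample data: a demo key and one rarely used section.
DEMO_KEY = hashlib.sha256(b"constructed demo key").digest()
SECTION_SRC = b"def entry(x):\n    return x * 2 + 1\n"
SEALED = seal(DEMO_KEY, b"report", SECTION_SRC)
```

The protected section is simply unavailable without the key, so there is no final yes/no branch for the licence decision to hinge on; the remaining exposure is the plaintext that exists while a section runs, which is the window the message describes.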