Hacker News new | past | comments | ask | show | jobs | submit login

Been looking for an answer to a related question on this.

DRM technologies like "white box crypto," seem to be designed for the same use case. Is encoding sensitive operations in an application using these techs not a viable medium term mitigation as well?




No. White-box and obfuscated encryption cores are extremely slow, can't protect program logic (unless you encrypt the program and run it as a VM, which is even slower), and are themselves failure-prone. They work in DRM because DRM is an economic defense intended mostly to protect the new-release window for a title and to impose greater costs on copiers than a title is worth. They're not general-purpose countermeasures.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: