From: "Nigel Bree" <nbree@kcbbs.gen.nz>
Date: Sat, 12 Aug 2000 14:58:31 +1200

Matthew Darby wrote:
> Without giving away any secrets there is a way to protect any file from
> repeated copy and distribution.

That's an incredibly bold claim. As a reverse-engineering buff myself, I'd say that it is in fact quite impossible if you expose your code to open environments. And if you have not submitted your system to expert peer review, then the claim is bolder still.

For background, Sharechatters might like to read http://www.counterpane.com/whycrypto.html

It might be a bit technical, but it should give a feeling for the odds of EstarOnline succeeding where no others have ever been able to. Or, on the other hand, just how valuable such a capability is in the event of Mr. Darby's claim being true.

The reality is that such a claim can be only conditionally true, and the actual meaning of Mr. Darby's statement depends on the details of the threat model that was developed for the adversaries to their system.

> Again I am sorry for not being more enlightening but we are
> getting into a sensitive area, which I am unable to comment further
> on at this stage.

Probably wise, but a reasonable start would be to disclose the threat model you are using. Since you are claiming a truly unprecedented capability, the onus is upon you to provide the evidence that you are in fact capable of delivering what you claim.

Jeremy wrote:
> 1. From what I can see, any system that plays sound through standard audio
> devices is vulnerable to copying, either at the digital stage by hijacking
> the sound card driver or analogue output stage. This makes transactional
> software untenable as a strategy for PC usage.

Correct. Indeed, if the decoder is made available as a plug-in to the standard Media Player then it can be loaded from an adversary's host and used to decrypt the content. The Media Player itself provides for other ways for intercepting the digital output stream.

> 2. Playing sound on portable devices with a transactional system requires
> a connection to an authorising service - presumably via WAP or somesuch.
> Is it reasonable to expect that manufacturer's technology will achieve
> this in a reasonable time frame?

Even in an on-line system, the cryptographic exchanges between the nominally secure (hah! - no such device exists) player and the authorising exchange are going to be subject to intercept, reverse engineering, and eventual production of a third-party workalike. At which point, all bets are off.

> 3. Platform diversity means that any successful transaction system must work
> on many different platforms, including all the traditional PC platforms,
> plus the new player devices. Developing a transactional system for all of
> these so as to achieve a significant market share seems like a very
> expensive exercise.

It's a two-edged sword. The most secure environments to prevent reverse engineering of the protection scheme are hardware players, but the world mainly cares about platforms like Windows where what Mr. Darby is claiming is not achievable.