Thursday, 05 June 2008

A Clueful Interview

If you have ten minutes and want to be genuinely more informed when it's over, read Federico Biancuzzi's excellent interview of Nate Lawson titled Racing Against Reversers. I found this comment interesting:

Q: It sounds as security through obscurity has some admirers among the DRM designers. What is the role of "secrets" in a DRM system?

A: In software protection, obscurity is everything. You're ultimately depending on the attacker to not be able to just "see" the key or how the protection works. That sounds weak and against normal security principles but actually works quite well in practice, if you're good at it.


I think that insight echoes what I said in Fight to Your Strengths last year:

Apparently several people with a lot of free time have been vigorously arguing that "security through obscurity" is bad in all its forms, period. I don't think any rational security professional would argue that relying only upon security through obscurity is a sound security policy. However, integrating security through obscurity with other measures can help force an intruder to fight your fight.

Don't get hung up on the obscurity issue if you disagree, however. The interview is awesome.
