On Thu, May 15, 2003 at 10:44:58AM +0000, Dean McEwan wrote:
> Actually the program is dynamically encrypted with a new key each time.
Yeah, whatever
> Interfering with memory buffers causes the kernel to delete the
> program, Key is sent over VPN, tampering with the kernel causes the
> MD5 hash to be incorrect,
Who sends the now-incorrect MD5? The kernel? But since it's been
tampered with, how do you know it sends the trust now-incorrect MD5 sum,
instead of a copy of the original MD5 sum?
> and key isn't sent, DRM self scans itself,
What for?
If DRM is tampered with, making it scan itself is pretty useless - once
it has been tampered with, it can no longer be trusted to perform the
self scan. In other words, such self-scanning is fundamentally flawed.
Read "The inevitability of failure" - pay special attention to the fact
that they *never* recommend anything like self-scanning, but rather
focus on mechanisms to ensure that whatever it was you wanted to
self-scan could never have been tampered with in the first place (thus
making the self-scanning that can't work anyway, a non-issue).
http://www.nsa.gov/selinux/inevit-abs.html
> MD5 hash sums are made on the sources and DRM will dynamically
> recompile itself every 32 seconds, checking the sources.
... using which compiler ?
... compiled using which compiler ?
Never mind that - you don't need to answer.
Read "Reflections on trusting trust" by Ken R.
http://cm.bell-labs.com/who/ken/trust.html
Your idea is fundamentally flawed. You can always add more layers of
self-checking-self-checkers, but this does not change the fact that the
idea is fundamentally flawed.
I'm sorry - it's not that I don't like you or anything like that - but
the idea is stupid, just give it up :)
-- 
................................................................
:   jakob@unthought.net   : And I see the elder races,         :
:.........................: putrid forms of man                :
:   Jakob Østergaard      : See him rise and claim the earth,  :
:        OZ9ABN           : his downfall is at hand.           :
:.........................:............{Konkhra}...............:
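
The objection in this reply (a tampered component can send a copy of the original MD5 sum, and stacking further self-checks does not change that), as an added example that is not part of the original thread. The Agent and Verifier classes, the nonce challenge and the sample byte strings are all constructed for illustration.

```python
import hashlib
import os

ORIGINAL = b"def play(): check_license()\n"   # constructed "protected program"
PATCHED = b"def play(): pass\n"               # constructed tampered variant


def md5(data):
    return hashlib.md5(data).hexdigest()


class Agent:
    """Runs on the untrusted host and reports on its own integrity."""

    def __init__(self, running, kept_copy=None):
        self.running = running                  # code that actually executes
        self.claimed = kept_copy or running     # bytes it chooses to hash

    def report(self):                           # plain self-scan
        return md5(self.claimed)

    def respond(self, nonce):                   # extra layer: fresh challenge
        return md5(nonce + self.claimed)


class Verifier:
    """Remote side; it only ever sees what the agent decides to send."""

    def __init__(self, reference):
        self.reference = reference

    def accepts_report(self, agent):
        return agent.report() == md5(self.reference)

    def accepts_challenge(self, agent):
        nonce = os.urandom(16)
        return agent.respond(nonce) == md5(nonce + self.reference)


def run_demo():
    verifier = Verifier(ORIGINAL)
    honest = Agent(ORIGINAL)
    clumsy = Agent(PATCHED)                      # hashes what it really runs
    careful = Agent(PATCHED, kept_copy=ORIGINAL)  # hashes a pristine copy
    return {
        "honest_report": verifier.accepts_report(honest),
        "clumsy_report": verifier.accepts_report(clumsy),
        "careful_report": verifier.accepts_report(careful),
        "careful_challenge": verifier.accepts_challenge(careful),
        "careful_runs_original": careful.running == ORIGINAL,
    }
```

The verifier accepts the careful agent in both modes even though it is running the patched bytes, because every answer is computed by the component being judged.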
This archive was generated by hypermail 2b29 : Fri May 23 2003 - 22:00:33 EST