Re: Encrypting Harddisk?

From: Jedi Master (gunsmith@no.spam.gr)
Date: 06/29/02


From: Jedi Master <gunsmith@no.spam.gr>
Date: Sat, 29 Jun 2002 09:45:53 +0300

On Sat, 29 Jun 2002 06:10:58 +0300, Nico Kadel-Garcia wrote:

> It's quite possible. The user's machine can phone home for the key. This
> procedure can be made as easy or difficult as you wish, requiring
> arbitrary levels of validation.
>

I don't think that this would work either. A good progrmmer (and reverse
engineerer) could isolate the portion of the program which whould phone
somewhere to get the key, and use it with a couple of modifications in
order to get the key to his harddisk. I don't think that it is too
difficult for someone who knows ....

And as the other idea, what about this scenario :
Lets say that i am the customer.

I try to copy the program but i need the key which is stored in my
motherboards eeprom. I try to open the case but the light detector gets
light and flushes the eeprom with a bare bootstrap to allow remote
recovery. I detect the light sensor (I am not an idiot, and security by
obscurity is NOT security as previously mentioned) and I stick a piece of
black paper in front of the detector. I start up the machine which will
get its OS back remotely possibly via phone. Then i get eeprom in my hand
having the OS inside it.

And consider the other scenario.

No matter what u do to protect your program, i *can* make a program which
will dump the entire memory
in my harddisk as soon as the program is loaded. How would u prevent this ?

-- 
Gunsmith