Re: Code Signing And Hacking
From: Eugene Mayevski (mayevski_at_eldos.org)
Date: 10/15/04
- Next message: Nicole Calinoiu: "Re: Code Signing And Hacking"
- Previous message: Martin: "Re: Crypto API / System.Security.Cryptography questions"
- In reply to: Andreas Hakansson: "Re: Code Signing And Hacking"
- Next in thread: Andreas Hakansson: "Re: Code Signing And Hacking"
- Reply: Andreas Hakansson: "Re: Code Signing And Hacking"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 15 Oct 2004 13:56:32 +0300
Hello!
You wrote on Fri, 15 Oct 2004 09:45:41 +0200:
AH> Not quite sure, but if he is talking about strong naming then your
AH> statement is
Hackers are not usually interested in changing supplementary assemblies.
They usually need to remove protection, which is (usually) located in main
code. Another possible hacker's goal is to extract some algorithm or
resource. And signing won't help here either.
AH> So strong naming provides both a way of identifiying if the code is
AH> from a specified
AH> (and perhaps trusted) source as well as way to determin if it has been
AH> tampered with.
While the assembly can identify that it (or other assembly) has been
changed, the average hacker can easily remove the check too.
With best regards,
Eugene Mayevski
- Next message: Nicole Calinoiu: "Re: Code Signing And Hacking"
- Previous message: Martin: "Re: Crypto API / System.Security.Cryptography questions"
- In reply to: Andreas Hakansson: "Re: Code Signing And Hacking"
- Next in thread: Andreas Hakansson: "Re: Code Signing And Hacking"
- Reply: Andreas Hakansson: "Re: Code Signing And Hacking"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
