« October 2004 | Main | January 2005 »
November 18, 2004
What is common between Strong Names, Obfuscation and DRM?
(inspired by this article: http://www.codeproject.com/dotnet/NeCoder03.asp, where the author shows how to "break" strong names)
There is a lot of misconceptions out there related to various security technologies - some people think having a strong name makes their assemblies tamper-proof, some people think obfuscation prevents other people from reverse-engineering their code, some people think DRM prevents everybody from copying protected content.
Let me tell you the truth:
- Strong Names provide unspoofable unique assembly names, it is not possible to change the assembly and still keep the same valid strong name, but it is trivial to remove a strong name (same goes for publisher Authenticode signatures), or put a different strong name on the same assembly;
- Obfuscation doesn't stop reverse engineering, it makes it HARDER;
- DRM doesn't prevent a malicious hacker from copying protected content, it makes it HARDER;
Some approaches make it a little bit harder, some approaches make it a lot harder, but none of the approaches gives 100% protection. That's all there is to it, end of story.
Posted by ivan at 12:17 AM
| Comments (0)
| TrackBack
Software archive at DotNetThis offers thousands of software products for
download: from avi and mpeg
video tools to image
editors and desktop themes