« Cudos to Internet Explorer on BugTraq | Main | MSRC tour on Channel9 »

November 18, 2004

What is common between Strong Names, Obfuscation and DRM?

(inspired by this article: http://www.codeproject.com/dotnet/NeCoder03.asp, where the author shows how to "break" strong names)
There is a lot of misconceptions out there related to various security technologies - some people think having a strong name makes their assemblies tamper-proof, some people think obfuscation prevents other people from reverse-engineering their code, some people think DRM prevents everybody from copying protected content.
Let me tell you the truth:
- Strong Names provide unspoofable unique assembly names, it is not possible to change the assembly and still keep the same valid strong name, but it is trivial to remove a strong name (same goes for publisher Authenticode signatures), or put a different strong name on the same assembly;
- Obfuscation doesn't stop reverse engineering, it makes it HARDER;
- DRM doesn't prevent a malicious hacker from copying protected content, it makes it HARDER;
Some approaches make it a little bit harder, some approaches make it a lot harder, but none of the approaches gives 100% protection. That's all there is to it, end of story.

Posted by ivan at November 18, 2004 12:17 AM

Trackback Pings

TrackBack URL for this entry:
http://www.dotnetthis.com/MoveableType/mt-tb.cgi/4

Listed below are links to weblogs that reference What is common between Strong Names, Obfuscation and DRM?:

Comments

Post a comment

Thanks for signing in, . Now you can comment. (sign out)

(If you haven't left a comment here before, you may need to be approved by the site owner before your comment will appear. Until then, it won't appear on the entry. Thanks for waiting.)


Remember me?




Tired of searching for a right programming ActiveX control or library? Our download site listing over 20000 products has it all - from debuggers and compilers to source code management software.