> Part of your response suggests that if there was an existing framework that was openly available, it wouldn't do me any good because the bad guys would have the source code.
>
> I disagree. If it's based on a tried and tested (and occasionally formally verified) crypto system, knowing the algorithm doesn't lead to a crack.

I think again here that the problem is conflating encryption to be the same as DRM. Having encryption schemes in public source means that they can be analysed by the types that truly understand the math. This is "a good thing(tm)". Having a DRM scheme in public source means that you've handed the hacker all the entry points she needs to consider to bypass your scheme. Specifically, if you rely on private-key signing, you're screwed because the hacker can analyse the open source, determine where the public key comes from, create her own key-pair, patch you to use her public key instead, then use her private key in her keygen which she distributes.