On Thu, 5 Jun 2003 14:15:45 -0300, Peter Cordes <[EMAIL PROTECTED]>
wrote:
If the attacker runs it under an x86 emulator like bochs, they don't need
to sniff the network, just look at memory after it's decrypted. Also, what
I suggested was an attempt to avoid dependence on a network. I'd be pretty
unhappy if I bought something that required a connection to some
authentication server before it would decide to function for me. Going too
far with this risks pissing off people who had no plans to hack the thing,
but dislike the explicit distrust of them. I mean, that's as bad as buying
a DVD and finding out that it's "illegal" to watch it on a GNU system...
You don't want to make your clients feel like you think they're criminals,
or your adversaries.

The idea is that if the attacker uses an x86 emulator the machine
fingerprint won't be the same, there must be some way to get a different one.
I think there are some scenarios where this may be applicable. Server
renting is not something strange here.
--
Koba