> As I am new here I frist want to introduce myself - I am a scientific
> employee at Technische Universitaet Muenchen and we do some research on
> DRM related security mechanisms.
The short answer is that you cannot reliably both grant and deny access to
the same entity.
> We made a concept for a secure media player and now try to attack it -
> the openssl related question is:
What does "secure" mean? If secure means "only authorized users can access
the media, then fine. If "secure" means that the same individuals can both
access and not access the same media, ...
> We use openssl to en/decrypt data with 3des - is it possible to retrieve
> the used key while running a de/encryption via a memory debugger or
> something similar ? Are there any preventions against such attacks or
> has noone ever thought about such an attack ?
The prevention is this simple -- do not give the key to anyone not
authorized to use the media. That's how keys work -- you make sure the
people who aren't supposed to access the encrypted item don't have the key.
The encryption protects the media from people who *don't* have the key.
DS
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
