> As I am new here I frist want to introduce myself - I am a scientific > employee at Technische Universitaet Muenchen and we do some research on > DRM related security mechanisms.
The short answer is that you cannot reliably both grant and deny access to the same entity. > We made a concept for a secure media player and now try to attack it - > the openssl related question is: What does "secure" mean? If secure means "only authorized users can access the media, then fine. If "secure" means that the same individuals can both access and not access the same media, ... > We use openssl to en/decrypt data with 3des - is it possible to retrieve > the used key while running a de/encryption via a memory debugger or > something similar ? Are there any preventions against such attacks or > has noone ever thought about such an attack ? The prevention is this simple -- do not give the key to anyone not authorized to use the media. That's how keys work -- you make sure the people who aren't supposed to access the encrypted item don't have the key. The encryption protects the media from people who *don't* have the key. DS ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]