Re: Application Security Options--USB Dongle?
- From: Paul Pluzhnikov <ppluzhnikov-nsp@xxxxxxxxxxx>
- Date: Fri, 24 Mar 2006 15:07:28 -0800
Alvin Beach <please_reply@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> writes:
The dongle has an encryption engine built into the hardware. ...
The app would then determine if the response (the decrypted data) is
correct and then take the appropriate action.
The problem is that a hacker can observe your program "taking
appropriate action", and make it do the "inappropriate action"
instead (e.g. proceed to work even with the incorrect response).
In order to avoid this, you'll have to make sure your program is
not being debugged, and has not been patched.
But *that* is impossible to do reliably, if the hacker controls
the kernel (and can make your program believe anything).
I haven't tried it, so I can't really be sure though. But the theory
is sound.
No, not really: you are protecting a door made from heavy paper
with a very strong lock. But I can cut your lock out of the door
with scissors, or open a window that is next to it, and help
myself in.
Cheers,
--
In order to understand recursion you must first understand recursion.
Remove /-nsp/ for email.
.
- References:
- Application Security Options--USB Dongle?
- From: jaylucasaustin.rr.com
- Re: Application Security Options--USB Dongle?
- From: Paul Pluzhnikov
- Re: Application Security Options--USB Dongle?
- From: Alvin Beach
- Application Security Options--USB Dongle?
- Prev by Date: P2P VOIP library ?
- Next by Date: Re: Thread behaviour using pthread
- Previous by thread: Re: Application Security Options--USB Dongle?
- Next by thread: Thread behaviour using pthread
- Index(es):
Relevant Pages
|
