From: Mikolaj Habryn <dichro@tartarus.uwa.edu.au>
Date: Sat, 26 Mar 94 05:03:15 PST
To: mg5n+@andrew.cmu.edu (Matthew J Ghio)
Subject: Re: Digital Cash
In-Reply-To: <UhYcaza00iUxMD4WwS@andrew.cmu.edu>
Message-ID: <199403261339.VAA22222@lethe.uwa.edu.au>
MIME-Version: 1.0
Content-Type: text/plain


> This is not new.  It's been used for years by software companies in
> copy-protection schemes.  Ask anyone who's ever "cracked" software. 
> Copy-protection systems rely on the fact that someone can not easily
> find and remove the algorythm which impedes duplication.  There are
> three common ways of preventing this.  First, the code is encrypted in
> layers and modules.  Each module decrypts the next layer and rescrambles
> or erases the last.  This prevents the attacker from getting an overall
> view of the program, as it is never all accessable at once, but it can
> be viewed in peices as it executes.  Secondly, several layers of
> interpreted code can be used.  Each layer interprets the next.  In this
> way, no assembly language code ever exists in plaintext (except the
> first level interpreter).  Finally, the program checksums itself to
> prevent tampering.  These methods can never provide foolproof
> protection, but they can slow down attacks considerably.  Even the most
> determined attacks can be delayed for weeks or months.  But if they want
> it bad enough, they can probably reverse-engineer it - as has been said
> before, crypto is all economics.
> 
> I've considered such possibilities for digital cash, but even if the
> algorithm could not be derived from the cryptographically protected
> software, it really doesn't solve the double-spending problem.  You can
> just copy the entire module, along with all the money, and spend it
> twice (on seperate victims, of course).
> And all those layers of encryption can make it unbearably slow.
> 
> 

	Ever been on a "private" bbs, or talked to peole who (talk to 
people, who talk to people, etc.)have been on one? You get software 
released on 4 Jun (for example), on 6 June it's cracked, and by 7 June, 
it is available on every single continent (barring Antarctica - although 
i'm not certain about that - supposedly there are equally private 
internet nodes around somewhere...). While the might of bands like 
Paranoimia, Skid Row, and Razor 1911 are usually concentrated on games, 
their expertise applies equally well to "serious" software - it's just 
that games are more marketable/popular and thus get the crackers' names 
to more people.
	PS - the example above is an overestimate - it often happens that 
software is cracked and distributed within HOURS of release.

MJH

*       *       Mikolaj J. Habryn
                dichro@tartarus.uwa.edu.au
    *           "Life begins at '040."
                PGP Public key available by finger
    *           "Spaghetti code means job security!"