Originally posted by anda_skoa
A DRM component must be shipped with the decryption key; there's no way around it, as the content must be decrypted somehow. So how do you prevent the user from reading that key? You obfuscate your program. There is no other way. This requires shipping compiled binaries. If you ship the sources as well, it just makes it much easier for an attacker to locate where the key is stored in the binary, and how it is hidden.
What you can do is have a clear API, with the smallest possible surface. That is what Mozilla is doing. But you cannot have an open implementation of the black box inside.