lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20050701153329.GA16869@sentinelchicken.org>
Date: Fri Jul  1 16:33:38 2005
From: tim-security at sentinelchicken.org (Tim)
Subject: plz suggest security for DLL functions

> Try signing the hash of all your function arguments with a private key
> and then in the function calculating the hash and verifying the
> signature...
> The public key could be extracted from the dll or the dll could be
> reverse enginereed to remove the checks but this is still a good
> method to prevent totally clueless people from using your dll.

Make it as complicated as you want, with as much crypto as you like, and
a skilled attacker will just find those key branch instructions and
alter them to jump where necessary.

You can obfuscate it, but you can't make it secure.  You'll just have to
live with that fact.  You might be able to track the illegitimate use of
your DLL with watermarks, but you won't be able to prevent it if someone
really wants to use it that badly.

tim

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ