Understand White Box Cryptography
In typical Digital Rights Management implementations, cryptographic algorithms are part of the security solution employing a known, strong algorithm while relying on the secrecy of the cryptographic key. In most cases, this is highly inappropriate since the platforms on which many of these applications execute on are subject to the control of potentially hostile end-users.
The conventional assumption for cryptography is a black box setup that presumes the attacker has no access to the encryption key, can only control the encryption input (plaintext) and has access to the resulting output (ciphertext). For a long time this has been accepted as truth. But it’s not, as you’ll read in this fascinating paper.
You see, popular industry standard ciphers like AES were not designed to operate in environments where their execution could be observed. And that might reveal the encryption key.
That’s why you might need to use a white box cryptography system - one that operates on the assumption that “bad guys” can observe the encryption process. What is a white box system? Read this informative paper to learn all about black, white and gray box testing. Download it today!
GET THIS WHITE PAPER NOW!