Linked by TADS on Tue 24th May 2011 21:13 UTC
Google Even though Google supports (some might say encourages) unlocking the bootloader and gaining root access on its own Nexus line of Android devices, it's currently blocking the newly announced Google Movies service on rooted devices.
Permalink for comment 474728
To read all comments associated with this story, please click here.
RE[4]: so the next step ...
by Alfman on Thu 26th May 2011 17:41 UTC in reply to "RE[3]: so the next step ..."
Alfman
Member since:
2011-01-28

vodoomoth,

"what kind of security isn't 'security by obscurity'? I mean, I use TruCrypt on one specific volume... and the security of what I store there is based on no one but me knowing the password."


Security by obscurity is a term applied to those who rely on obfuscated code and/or not non-disclosure of source in order to protect content. This is opposed to using mathematically sound encryption algorithms in a correct way.

Encryption can only protect content from 3rd parties who do not possess the keys (obviously). And herein lies the fatal flaw inherent in all DRM - the keys are necessarily distributed to the end user.

All DRM, from microsoft, apple, real networks, digital cable boxes, and so on are flawed and will always be flawed due to the fact that they are using secure encryption algorithms in an insecure manor. So while the encryption algorithm (ie AES) is secure, the DRM implementation inherently suffers from the need to obscure the keys from the very party who will be using the keys.

DRM can make the attacker's job more difficult, but in the end it cannot be made mathematically secure due to the fact that the keys exist on the same endpoint which the DRM is attempting to restrict.



"Ditto for my debit card, my computers, my online accounts, etc. It seems to me that every kind of security I ever face is based on some kind of obfuscation or secrecy, a.k.a 'obscurity'"

Well it's true, there may be a semantic exception for "passwords". But encryption is unlikely to be the weak link in any of the examples you cited. It's much more likely for a partner to suffer a perimeter breach where the attacker has access to the unencrypted data.


"If this is 'inherently broken', I wonder what would save us."

Encryption is still sound against third party interception. It's the DRM model which is inherently broken, mathematically speaking.

Reply Parent Score: 2