All geek questions in one place

How can I sign a digit and trust a message in a distributed program that I know can be programmed with feedback?

The problem in short: I am developing an application (such as a game) that is distributed in binary form. The game calls home and sends the user a high score as a message to the online games server.

What I would like to do is digitally encrypt and sign the message so that I can trust that it has not been tampered with.

Public key cryptography is based on each end of the conversation that has a secret, but I cannot rely on the fact that my software is not reversed and the private key is discovered.

Is there a safe or secure way to digitally sign (in this case, part of the encryption is not required) message from my distributed binary application, when I know that it could be reverse engineering?

+3
source share
7 answers

In short: no ... there is no perfect solution for this. The problem is that the application that sends you high scores works under the control of someone you don’t β€œtrust” in this transaction. If they can reverse engineer the code, then they can modify the content of any message before signing it.

+3
source

( , , ) - , , , , . , , .

+1

. , (IMHO, ). , , . .

, , , - - , . . , .

+1

. , . , ( ) .

0

- , blowfish. , .

, , " ". , ( , ) blowfish. blowfish, , . .

, ( ), blowfish.

, , () blowfish. , blowfish, , .

, (, , , ).

, , .

- () . β†’ .

0

! - , .

Trusted Computing. / , , - . / , .

0

, . , .

. , ? ?

, , , :

  • ; , , .. / . , . , .

  • . . .

  • .

  • IP- .

0

Source: https://habr.com/ru/post/1709973/

More articles:


All Articles