The fact this was broken by stealing a developer's SDK is disappointing. Real hackers would have disassembled the machine to reverse engineer it, rather than using black market/social engineering tricks.
Well, I found it disappointing just from a story standpoint. I certainly wanted to read a story about a clever technical hack... about someone sniffing a memory bus and writing a program to align the dump to get a valid program, or finding a complex pattern by analyzing the scrambling by hand.
I suppose it's a good reminder that in the real world, the easiest way in is often through a gullible or untrustworthy employee.
Dunno, you could try asking Sony, who helpfully used the same random input for every PS3 ECDSA signature, thereby leaking enough information to let people recover their private key.
(I would _suspect_ that internally, they deliberately made this choice, so that the same inputs would produce the same output, because someone important thought that was valuable and either didn't know or thought it wasn't risky enough to possibly leak key information by doing this. But I have no special knowledge, just a suspicion that people who pick elliptic curve crypto would be aware of the leaks involved in reusing IVs.)
You cannot assume that an attacker will have an "honor code" or that you can keep information secret from an attacker. Because of the latter one, there exists Kerckhoffs's principle
> https://en.wikipedia.org/w/index.php?title=Kerckhoffs%27s_pr...
which on a high level states that security by obscurity will in the long run become broken (and as a corollary DRM does not work).