Re: Obfuscation = cryptography?

[Valdis.Kletnieks () vt edu]

On Mon, 03 Feb 2014 16:28:28 -0800, "Rob, grandpa of Ryan, Trevor, Devon & Hannah" said:
> OK, I'll admit that the math in this type of paper is completely beyond me.
>
> http://www.wired.com/wiredscience/2014/02/cryptography-breakthrough/
>
> But, hasn't he, or any of his friends, paid any attention to malware in the past two
> decades?  There is plenty of obfuscation out there.  (Most of it does what his
> program does: turn little programs into bloated monsters.)

The guy's an academic.  He's focusing on what's theoretically possible,
not what makes sense out in the real world.  Two main reasons it will
never fly:

1) The performance hit.  It will *by definition* be excessive for production
use - because if it was cheap (say, a 2X to 10X hit), it would be easy to
reverse engineer (note that we *can* RE the current class of obfuscated
malware).

2) The debugging hit.  It's hard enough to figure out why software crapped
out - this would make it even harder.

Attachment: _bin
Description:

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.