Closed nemirst closed 7 years ago
This is the core idea & problem of the white-box cryptography in general. In order to use it you need to know how to use it and if it suits your use-case.
To make life of the attacker harder you can use external input/output mappings as described in the literature or my diploma thesis (links in readme on main page)
Hi! I was wondering if this implementation aims to provide practical protection of keys / data. Currently it seems to me that implementation does not generate any code but it generates tables which hide internal key. And tables (WBAES object) could be serialized to file. But attacker could easily read tables and use it for decryption of ciphertext previously encrypted by same tables. So it looks like tables themself act like a key in a sense that ciphertext can be decrypted if you have them. Of course it's difficult to extract embedded key but attacker would not need it as tables (WBAES object) could be used directly for decryption. And tables themselves are not hidden. Am I missing something?