In our very first Cloakable blog post, we discussed why whitebox cryptography is so important when developing software that needs to keep data and keys secure. Specifically, we discussed how software is an open book, with […]
This past week I’ve been reading the specifications for Trusted Platform Modules (TPM) published by the Trusted Computing Group of companies. It seems to me they’ve done a lot of things right, but a TPM is […]
On a recent flight, I was sat next to a security auditor. He asked “can someone steal keys used to encrypt credit cards from the server memory?” It depends, was my reply. But his question left me wondering. Why hasn’t anyone built a server side white box implementation?
Why does it depend?
Like any implementation, some are more secure than others. If the server side code was using ‘standard cryptographic APIs’ and they were black box implementations then