To follow up on Shaggy's excellent analogy (I'm going to
steal that one), the breaker of ADE DRM has this to say:
Quote:
|
Originally Posted by i♥cabbages
ADEPT is pretty close to faultless as a crypto system -- a per-user RSA key encrypts a per-book AES key which encrypts the content. It uses AES in CBC mode with a random IV. It uses RSA with PKCS#1 v1.5 padding, which is perfectly adequate for this case. Unfortunately for Adobe, this isn't a crypto system, but a DRM system. DRM systems ultimately depend not on the strength of their cryptography, but the complexity of their obfuscation. There is very little obfuscation in how Adobe Digital Editions hides and encrypts the per-user RSA key, allowing fairly simple duplication of exactly the same process Digital Editions uses to retrieve it.
|
Essentially, the requirement that you give the key to the purchaser means that they can discover the key in the future. You can obfuscate it, but eventually someone smart enough, with enough time, will crack it if it's popular.
For those that insist on DRM, the only viable option I see is a model where you can only read while connected to the internet, so the program can query a server for the key. However, think of the bandwidth and storage costs to implement such a scheme.