In my experience (which includes maintaining copy-protection code back in
the "floppy-disk days" of PCs), once data in is "user space" you have
already lost the battle. You can make it arbitrarily hard for people to
copy the data; but if they can read the data in some fashion, it can be
decoded to plain text. The hardest cryptographic/coding technology to crack
is the one-time pad, which raises the barrier considerably by using a
different code for each message. It is also such an awful pain to create
and maintain one-time pads that they are only used for absolute top-level
classified information (the "burn before reading" stuff).
To make a long story short (too late! :)), the only security that can really
work is security in the OS, where it is assisted by the hardware. If you
can't read the data, it makes it very hard to decrypt/decode it...
======================================================================
Mark Fisher Thomson Consumer Electronics
fisherm@indy.tce.com Indianapolis, IN
"Just as you should not underestimate the bandwidth of a station wagon
traveling 65 mph filled with 8mm tapes, you should not overestimate
the bandwidth of FTP by mail."