White-box crypto is a neat idea: in essence, it encrypts the implementation of the cipher, transforming straightforward efficient assembly implementations of AES into huge, difficult-to-analyze sequences of instructions that are themselves expressive of a higher-level cipher. The goal is to ship to customers an implementation of a cipher that bakes the key in, in such a way that it's cryptographically difficult to extract the key and then use it in a different implementation of the same cipher.<p>This is, cryptographically speaking, a stretch. In 2004 it get much stretchier when Billet broke one of the best known AES white-box schemes; you can google "white box BGE attack" for the details.<p>Section 2 of this paper is a pretty good overview of white box crypto and the well-known attacks on it.<p>Worth mentioning: a big application for white-box crypto is DRM and content protection. In a DRM setting, defenders are not concerned with <i>absolute</i> protection against attacks, but rather <i>economic</i> protection: it should cost more to break a DRM scheme than a piece of content is worth. It's still possible that white-box crypto can provide that level of assurance for some kinds of content. For instance, with DRM'd movies, studios are mostly concerned about the new-release window; if it takes 2x the new-release window to break a white-box DRM scheme, the studios are probably fine with that.