Although all current scientific white-box publications are academically broken, there is still a large number of companies which sell "secure" white-box products based on unknown designs and relying on additional code obfuscation countermeasures. A new approach to assess the security of white-box implementations is presented which requires neither knowledge about the inner white-box design nor any reverse engineering effort. The differential computation analysis (DCA) attack is the software counterpart of the differential power analysis attack as applied by the cryptographic hardware community.