Re: Encrypting lib.

Roger Lascelles wrote:
The poster was going to encrypt all his licence keys and store them in the executable or data file, with the decryption code included. That means a cracker could recover all the stored licence keys anyway, because the code would decrypt the keys one by one and compare each with the entered key!

At least the hash method does not give away any actual keys.

Sure, if the cracker gets the actual license keys, they can be used by anyone with the authentic software. The alternative is false keys that have to be used with a patch that is applied to the software. Unfortunately that advantage is of limited value. The OP said that the actual keys would expire eventually, and when that happens the cracker would have to patch the software anyway.


The users of this program are existing customers whose keys can be checked in the usual way, then the known good keys are "looked up" in the list to see if they get the date extension. Its just customer management, not high security.

The OP might want to correct me on this, but I think your assumption is incorrect. I believe the OP wanted a mechanism that would allow existing customers to use the general distribution of the software with their existing keys. IOW the users of the program that contains the mechanism would not only be existing customers, but everyone.

Now, of course, it might be the case that the OP is not concerned about cracks, but only want a simple method that can be used for keeping honest users honest. In such case, however, I would argue that the absolutely best approach would be to implement the check server side when the user goes to check for updates. Should the OP consider that approach inadequate, I think it is safe to assume that the OP wants software protection that is not trivial to crack.
.

Relevant Pages

  • Re: How to protect my program from being cracked?
    ... Always assume that a detemined cracker has everything, ... generated from system characteristics: hard disk serial numbers, ... processor IDs, OS registration data, application registration data. ... these keys, while in fact it needs only to be able to verify them. ...
    (comp.lang.pascal.delphi.misc)
  • Re: Why use encryption at all?
    ... What if the cracker has not actually gained access to your database, but merely to your data files? ... Encryption will keep him or her from getting your data via a hex editor. ... Or, what if you have multiple keys for different security principals, and the cracker only gains access to one principal? ... The other principal's keys will help protect some of the data so that the cracker can't get everything. ...
    (microsoft.public.sqlserver.security)
  • Re: RSA private/public question
    ... would like to stress that such registration schemes can be by-passed. ... To crack your scheme the cracker will just have to flip the conditional so that execution exits if the key is valid and continues otherwise. ... Consequently, you might use RSA to make it practically infeasible for anyone to generate keys that will work with your *authentic* software, but you can't possibly prevent people from generating keys that will work with *cracked* versions of your software. ... Hence, your best bet might be to give your users incentive to stay away from cracked versions of your software, and one tool you might use for this is a spotless reputation for producing malware free software combined with instrumental use of MS Authenticode. ...
    (borland.public.delphi.thirdpartytools.general)
  • Re: Encrypting lib.
    ... with the decryption code included. ... means a cracker could recover all the stored licence keys anyway, ... Sure, if the cracker gets the actual license keys, they can be used by ... would not only be existing customers, ...
    (borland.public.delphi.thirdpartytools.general)
  • Re: Its a Toyota, I want one:
    ... >>> Reminds me of a blonde service manager I used to call on. ... >>> great with customers and the employees in his department, ... > We were selling some older IBM Keyboards that had extra keys on them, ... > older machines set up with keyboards with functional ANY keys on them. ...
    (alt.autos.toyota)