Re: Encrypting lib.

From: "Edwin" <edwin(nospam)yeah@xxxxxxxxx>
Date: Tue, 4 Mar 2008 15:49:15 +0800

"Henrick Hellstr?m" <henrick@xxxxxxxxxxxx> wrote in message
news:47cc0aca$1@xxxxxxxxxxxxxxxxxxxxxxxxx

Roger Lascelles wrote:

The poster was going to encrypt all his licence keys and store them in
the executable or data file, with the decryption code included. That
means a cracker could recover all the stored licence keys anyway, because
the code would decrypt the keys one by one and compare each with the
entered key!

At least the hash method does not give away any actual keys.

Sure, if the cracker gets the actual license keys, they can be used by
anyone with the authentic software. The alternative is false keys that
have to be used with a patch that is applied to the software.
Unfortunately that advantage is of limited value. The OP said that the
actual keys would expire eventually, and when that happens the cracker
would have to patch the software anyway.

The keys shipped with the application (in a sqlite DB) are intended for
searching the corresponding date only.

The users of this program are existing customers whose keys can be
checked in the usual way, then the known good keys are "looked up" in the
list to see if they get the date extension. Its just customer
management, not high security.

The OP might want to correct me on this, but I think your assumption is
incorrect. I believe the OP wanted a mechanism that would allow existing
customers to use the general distribution of the software with their
existing keys. IOW the users of the program that contains the mechanism
would not only be existing customers, but everyone.

This is correct.

Now, of course, it might be the case that the OP is not concerned about
cracks, but only want a simple method that can be used for keeping honest
users honest. In such case, however, I would argue that the absolutely
best approach would be to implement the check server side when the user
goes to check for updates. Should the OP consider that approach
inadequate, I think it is safe to assume that the OP wants software
protection that is not trivial to crack.

I don't want to spend too much time on anti-cracker at this moment.

.

References:
- Re: Encrypting lib.
  - From: Roger Lascelles
- Re: Encrypting lib.
  - From: Henrick Hellström
- Re: Encrypting lib.
  - From: Roger Lascelles
- Re: Encrypting lib.
  - From: Henrick Hellström

Prev by Date: Re: Encrypting lib.
Next by Date: Re: Encrypting lib.
Previous by thread: Re: Encrypting lib.
Next by thread: Re: Encrypting lib.
Index(es):
- Date
- Thread

Relevant Pages

Re: How to protect my program from being cracked?
... Always assume that a detemined cracker has everything, ... generated from system characteristics: hard disk serial numbers, ... processor IDs, OS registration data, application registration data. ... these keys, while in fact it needs only to be able to verify them. ...
(comp.lang.pascal.delphi.misc)
Re: Why use encryption at all?
... What if the cracker has not actually gained access to your database, but merely to your data files? ... Encryption will keep him or her from getting your data via a hex editor. ... Or, what if you have multiple keys for different security principals, and the cracker only gains access to one principal? ... The other principal's keys will help protect some of the data so that the cracker can't get everything. ...
(microsoft.public.sqlserver.security)
Re: RSA private/public question
... would like to stress that such registration schemes can be by-passed. ... To crack your scheme the cracker will just have to flip the conditional so that execution exits if the key is valid and continues otherwise. ... Consequently, you might use RSA to make it practically infeasible for anyone to generate keys that will work with your *authentic* software, but you can't possibly prevent people from generating keys that will work with *cracked* versions of your software. ... Hence, your best bet might be to give your users incentive to stay away from cracked versions of your software, and one tool you might use for this is a spotless reputation for producing malware free software combined with instrumental use of MS Authenticode. ...
(borland.public.delphi.thirdpartytools.general)
Re: Encrypting lib.
... with the decryption code included. ... That means a cracker could recover all the stored licence keys anyway, because the code would decrypt the keys one by one and compare each with the entered key! ... Sure, if the cracker gets the actual license keys, they can be used by anyone with the authentic software. ... I believe the OP wanted a mechanism that would allow existing customers to use the general distribution of the software with their existing keys. ...
(borland.public.delphi.thirdpartytools.general)
Re: Its a Toyota, I want one:
... >>> Reminds me of a blonde service manager I used to call on. ... >>> great with customers and the employees in his department, ... > We were selling some older IBM Keyboards that had extra keys on them, ... > older machines set up with keyboards with functional ANY keys on them. ...
(alt.autos.toyota)