Re: Secure Sofware Key

From: Glynn Clements (glynn.clements@virgin.net)
Date: 09/04/02


From: Glynn Clements <glynn.clements@virgin.net>
Date: Tue, 3 Sep 2002 23:55:47 +0100
To: Yannick Gingras <ygingras@ygingras.net>


Yannick Gingras wrote:

> > What do you mean by "CD-Key or the like" (I presume that "of" was a
> > typo)? And what do you mean by "unbreakable"?
>
> "of" was a typo
>
> Unbreakable would mean here that no one, even previously authorised entity,
> could use the system without paying the periodic subscription fee.
>
> > You need to be far more explicit about the problem which you wish to
> > solve, and about the constraints involved.
>
> It could be an online system that work 95% offline but poll frequently an
> offsite server. No mass production CDs, maybe mass personalised d/l like Sun
> JDK.
>
> Nothing is fixed yet, we are looking at the way a software can be protected
> from unauthorized utilisation.
>
> Is the use of "trusted hardware" really worth it ?

Answering that requires fairly complete knowledge of the business
model. But, in all probability: no, it isn't usually worth it. So, it
comes down to how difficult you want to make the cracker's job.

If the product requires occasional authentication, simple copying
won't work; the product has to be cracked. In which case, the issue is
whether you're actually going to enter into battle with the crackers,
or just make sure that it isn't trivial.

A lot of it comes down to your customer base. Teenage kids tend to be
more concerned about cost and less concerned about viruses/trojans,
and so more willing to use warez. Fortune-500 corporations are likely
to view matters differently.

> Does it really make it more secure ?

Yes; software techniques will only get you so far. Actually, the same
is ultimately true for hardware, but cracking hardware is likely to
require resources other than just labour.

Almost (?) anything can be reverse engineered. But it may be possible
to ensure that doing so is uneconomical.

> Look at the DVDs.

IIRC, CSS was cracked by reverse-engineering a software player; and
one where the developers forgot to encrypt the decryption key at that.

-- 
Glynn Clements <glynn.clements@virgin.net>



Relevant Pages

  • Re: How long before Leopard is cracked?
    ... before Leopard is cracked for use on non-Apple hardware? ... Most you don't care about. ... crackers is break the cracked version of OSX with each software update. ...
    (comp.sys.mac.system)
  • Re: Curse all linuxheads
    ... The joy of not having the hardware to test upon. ... >The crackers seem to have cracked versions of OSX-x86 that work just fine ... hardware public key encrypter, once ... If infinite rednecks fired infinite shotguns at an infinite number of road ...
    (alt.sysadmin.recovery)