Re: Preventing Software Piracy ???




"Doug McIntyre" <merlyn@xxxxxxxxx> wrote in message
news:4a3f97ab$0$92356$8046368a@xxxxxxxxxxxxxxxxxxxxxxxxx
"Peter Olcott" <NoSpam@xxxxxxxxxxxxx> writes:
If a computer has to run it, the software can be
cracked.
No matter what.

Not if the computer that is running it is on the dongle
and
100% totally inaccessible to any and all outside
observation.

Then its not a computer, you now have a black box, and
protecting
it can be easier when you control the whole thing,
although again,
if somebody made it, it can be taken apart. Dongles don't
have enough
CPU power/memory on them to run the whole program, typical
sizes of dongles are 32k or 64k.

How about cracking PGP encryption? Phil Zimmerman (PGP's
inventor) told me the computational complexity of this.
Cracking PGP is infeasible. It would take something like
trillions of years to crack a single message. If this kind
of technology could be directly applied to copy
protection,
then copy protection would become uncrackable.

The main protection offered by PGP is that the private key
stays in
the hands of the sender. In a computer system, you will
need to be
running this without a physical visit by you each time the
end user
wants to run the program to provide the private key needed
to unlock it.

It is stored on the dongle in encrypted form. The dongle
erases all of its memory when disassembled.


Even so, the computing power needed to crack a PGP message
is rapidly
coming down in time, but still, the main thing is a
computer program
can't use public key encryption easily, because you will
need to
embed a private key in the binary as well as the public
key seen.

I have seen some license systems utilize GPG to sign their
license files.
One way to circumvent this system is to find the GPG
private key that is
embedded inside the program code (usually pretty easy to
find),
replace it with one of your own, and now you can sign any
license file
you want to provide the code and the code will happily
accept it as
its own.


When the private key is stored on the dongle in encrypted
form, and the execution of the dongle can not be traced,
then the private key is safe.


.



Relevant Pages

  • Re: Preventing Software Piracy ???
    ... Cracking PGP is infeasible. ... then copy protection would become uncrackable. ... wants to run the program to provide the private key needed to unlock it. ... I have seen some license systems utilize GPG to sign their license files. ...
    (comp.security.misc)
  • Re: Looking for information on dongle checks
    ... was used to decrypt the in-memory portions on-the-fly. ... determining the encryption algorithm, etc), which would take a month or two. ... presumably encrypted) application, no dongle, and require that it be ... Samplitude and Sequoia supposedly use Wibu's protection and have both been ...
    (comp.lang.asm.x86)
  • Re: Manual import of pkcs12 file
    ... which protection is done first? ... > it's only the private key being protected, as well as some key meta-data. ... CryptProtectData is only called once. ... DPAPI will just encrypt ...
    (microsoft.public.platformsdk.security)
  • Re: Preventing Software Piracy ???
    ... In other words part of the software system being ... protected in only available from the dongle. ... This is the basis of all hardware copy protection dongles for the last ... even uncrackable by its original designer. ...
    (comp.security.misc)
  • Re: Sensitive data in code ...
    ... you need to balance the cost of exposure against the cost ... You need to consider for each protection scenario how much it costs ... We do this by embedding a private key in the executable itself. ... not find our "master password", but we still are not totally ...
    (microsoft.public.security)