Re: Want to Protect my Software - Recommendations?

On Aug 12, 6:33 pm, gordonb.4i...@xxxxxxxxxxx (Gordon Burditt) wrote:
I recommend a simple license key check. You can use public
key cryptography to make it impossible for crackers to generate valid
license keys. This is the offline equivalent of what you want.

This is a great idea. It makes the entire thing so much simpler. Can
you recommend an article or tutorial how to use public key
cryptography for this kind of simple license key check?

OTOH, since my software can be purchase only from my web site, what's
the point of emailing a product key with the software? It can be
copied even more easily than the software. Any insights on this?

You should also take into account that such vendor-side protection is
considered annoying, no matter how well you implement it. It doesn't
stop pirates, but it may easily scare away your legitimate customers.
You _will_ run into problems with all active DRM methods you implement,
especially if you try to validate by hardware configuration.

If 60% of your customers pay, but 95% of your _potential_ customers
moved to products with less annoying DRM, then your idea was a total

What you say sounds very logical and I myself identify with this.
However, it seems that consumers (and business in general) don't
behave this way. If vendor-side protection annoyance were a factor, no
one would have bought Windows XP or Vista...

I would love to not bother at all with implementing product key or
activation for my software, but unfortunately it seems that this is
not how the world works.

One way to discourage copying keys around:

1. Make part of the key the customer's name, and display it on
startup ("This software is licensed to ...").
2. Make part of the key the customer's credit card number. Try
to make this obvious to the customer when entering it.
You validate this info when the customer purchases a key online.

3. Another part of the key is a digital signature which prevents
the customer from modifying the parts of the key in #1 and #2
and still having the key work.

I think this is how some of the "no DRM" music distributions work.

Thank you Gordon for your tips. This is in line with what I decided to
implement. I hate software that spies on its customers. I just didn't
know where to start.

I didn't understand what you meant when you said "don't write
software". Just doesn't make sense (my only way to make a living is by
writing software and I can't give it for free). Now what you say is
more reasonable.