Re: Secure Sofware Key

From: Glynn Clements (glynn.clementsat_private)
Date: Tue Sep 03 2002 - 15:55:47 PDT

Next message: Yannick Gingras: "Re: Secure Sofware Key"

Previous message: Yannick Gingras: "Re: Secure Sofware Key"
In reply to: Yannick Gingras: "Re: Secure Sofware Key"
Next in thread: Yannick Gingras: "Re: Secure Sofware Key"
Reply: Yannick Gingras: "Re: Secure Sofware Key"
Reply: Bryan Feir: "Re: Secure Sofware Key"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Yannick Gingras wrote:

> > What do you mean by "CD-Key or the like" (I presume that "of" was a
> > typo)? And what do you mean by "unbreakable"?
> 
> "of" was a typo
> 
> Unbreakable would mean here that no one, even previously authorised entity, 
> could use the system without paying the periodic subscription fee.
> 
> > You need to be far more explicit about the problem which you wish to
> > solve, and about the constraints involved.
> 
> It could be an online system that work 95% offline but poll frequently an 
> offsite server.  No mass production CDs, maybe mass personalised d/l like Sun 
> JDK.
> 
> Nothing is fixed yet, we are looking at the way a software can be protected 
> from unauthorized utilisation.  
> 
> Is the use of "trusted hardware" really worth it ?

Answering that requires fairly complete knowledge of the business
model. But, in all probability: no, it isn't usually worth it. So, it
comes down to how difficult you want to make the cracker's job.

If the product requires occasional authentication, simple copying
won't work; the product has to be cracked. In which case, the issue is
whether you're actually going to enter into battle with the crackers,
or just make sure that it isn't trivial.

A lot of it comes down to your customer base. Teenage kids tend to be
more concerned about cost and less concerned about viruses/trojans,
and so more willing to use warez. Fortune-500 corporations are likely
to view matters differently.

> Does it really make it more secure ?

Yes; software techniques will only get you so far. Actually, the same
is ultimately true for hardware, but cracking hardware is likely to
require resources other than just labour.

Almost (?) anything can be reverse engineered. But it may be possible
to ensure that doing so is uneconomical.

> Look at the DVDs.

IIRC, CSS was cracked by reverse-engineering a software player; and
one where the developers forgot to encrypt the decryption key at that.

-- 
Glynn Clements <glynn.clementsat_private>

Next message: Yannick Gingras: "Re: Secure Sofware Key"
Previous message: Yannick Gingras: "Re: Secure Sofware Key"
In reply to: Yannick Gingras: "Re: Secure Sofware Key"
Next in thread: Yannick Gingras: "Re: Secure Sofware Key"
Reply: Yannick Gingras: "Re: Secure Sofware Key"
Reply: Bryan Feir: "Re: Secure Sofware Key"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Sep 04 2002 - 10:08:00 PDT