I know this doesn't answer your question, and I hope someone gives this list the answer you want, but bear with me. As we all know, naughty students can get a working CDKEY from any number of websites in a matter of minutes. In my mind, the idea of securing your CDKEY is like keeping the key to your house on a string around your neck so nobody can steal it from you. If you have another key under the door mat, nobody needs the one safely hanging from your neck. BRYAN ----- Original Message ----- From: "Juan M. Courcoul" <courcoulat_private> To: "Vuln-Dev" <VULN-DEVat_private> Sent: Monday, June 25, 2001 1:28 PM Subject: Recovering the activation key from a Win2K installation > Please bear with me, as I only pretend to have a limited knowledge of > Windows internals enough to survive its use. > > A discussion arose as to the security of Windows 2000's activation key, > aka the CD or Product Key. A colleague who handles Win2K installations > insisted that once you have keyed in the 29-character string and > activated the OS during a full new install, it is unrecoverable and > hence safe to install in student labs, etc., without the risk of > compromising the corporate license. She went so far as to claim that > even a user with Administrator privileges couldn't get it back. > > My gut feeling is that this is bull and constitutes a prime example of > "assumed security thru ignorance". > > Would you kind Windows gurus please tell me who's got it right this time ? > > J. Courcoul
This archive was generated by hypermail 2b30 : Tue Jun 26 2001 - 23:07:47 PDT