Re: Serial numbers (was Re: Text file encryption)
Re: Serial numbers (was Re: Text file encryption)
- Subject: Re: Serial numbers (was Re: Text file encryption)
- From: David Remahl <email@hidden>
- Date: Tue, 17 Sep 2002 12:07:15 +0200
>
I am aware that this topic has been done quite a bit on this list (come
>
to think of it, I may have even started a thread on this myself awhile
>
back), but a few more ideas have floated by since then, and, as a
>
release date for my program draws near, I am starting to work on a
>
registration system again.
>
>
First off, I'm really beginning to think that no quick-and-effective
>
algorithm I could code is truly safe from hacking. But how about
>
built-in encryption functions? What if we used OpenSSL to do some sort
>
of encryption on-the-fly? Or perhaps even the CDSA framework? Is this
>
at all feasible? (If so, which should I choose--OpenSSL, or CDSA?) If
>
we used such frameworks, we could even save a special encrypted
>
registration-data file in the preferences folder (or simply some
>
encrypted strings in the program's regular preferences file).
Are you talking about encrypting the registration algoritm and decrypting it
before it is run? I don't think that is very useful, since the code will
still be decrypted as it runs (and therefore be debuggable).
In CCI I use OpenSSL to verify a signature on a string which was generated
using my private key. The public key is included in the program and is used
for the verification (I use DSA). Obviously, this approach is still
succeptible to cracking, since the cracker could just replace the public key
with a public key that is part of another public/private key pair - one that
he has access to. But as i have said before, I don't see cracks as nearly as
dangerous as people generating "their own" serials.
>
Might OpenSSL or CDSA work for this purpose? If so, how would one go
>
about it?
See above.
/ Rgds, David
_______________________________________________
cocoa-dev mailing list | email@hidden
Help/Unsubscribe/Archives:
http://www.lists.apple.com/mailman/listinfo/cocoa-dev
Do not post admin requests to the list. They will be ignored.