Re: [little OT] Licensing/Implementing in Cocoa/Obj-C
Re: [little OT] Licensing/Implementing in Cocoa/Obj-C
- Subject: Re: [little OT] Licensing/Implementing in Cocoa/Obj-C
- From: Greg Hurrell <email@hidden>
- Date: Tue, 20 Apr 2004 03:15:07 +0200
Stefan,
I am in the middle of implementing a system that uses RSA, and I wanted
to ask you a question about how customers react to the idea of license
files. You see, I can use a very short RSA key (say 192 bits) which
would be quite "weak" (cryptographically speaking) but would allow me
to continue to distribute simple serial numbers (containing the
encrypted data) without going over the 80 column (or less) limit in
most email clients.... OR I could use a cryptographically strong RSA
key (512 bits or more), but the resulting encrypted data would be too
abundant for it to be represented as a "serial number"; rather I would
need to distributed, as you do, a license file.
I just wanted to know how your customers react to it. Do they have
trouble installing it? What happens when they lose it (absolutely
guaranteed to happen)? Do they complain about the inconvenience? Are
there problems with users who can't receive attachments?
Conventional serial numbers are easy to email around, they don't
require installation, they can be copied and pasted from an email,
users are highly familiar with the concept etc....
So, I think that conventional "serial numbers" will be much easier to
support, despite the fact that they'll be cryptographically weak. And I
also wonder, how "weak" is "weak"? Perhaps "weak" is enough, because
the path of least resistance will still probably be just cracking the
app and overwriting the copy protection sections with no-ops. Most
likely it will be easier to single-step through the app in a debugger
and work out where to patch the code, than to reverse-engineer it,
brute-force the private key, and generate a working fake serial number.
And a side comment: someone in this thread said that public key crypto
was "overkill". I strongly disagree. If you tie your serial numbers to
users' names or email addresses, they are much less likely to share
them. The biggest threat then becomes a generated serial number, not
attached to any real identity, which is then freely distributed. Public
key crypto makes it infeasible to generate fake serial numbers, so
you're back where you want to be; dealing with the relatively less
harmful problem of discouraging users from sharing their legitimate
serial numbers after buying a license.
The solution to this latter problem, I believe, lies in product
activation (as infamously tried by Microsoft). I think that done well,
and done fairly, product activation presents no inconvenience to users,
requires no hidden files to be scattered anywhere on a user's hard
drive, and it once again focuses the anti-piracy fulcrum in the realm
of cracking (by which I mean, casual piracy is completely eliminated,
and the only way to copy the software becomes to crack it; and it is
far far better to have a hard-to-distribute patch file floating around
the Internet, than to have your app's serial number distributed to
thousands and thousands and thousands of wannabe software pirates every
month in their SerialBox compilation).
Best wishes,
Greg
El 06/04/2004, a las 22:56, Stefan Pantke escribis:
We implemented a licensing system based on public-key cryptography.
RSA is used to create a license and to very the license from within
the application.
Any kind of information can be included in the license file as well.
Moreover, it is technical impossible to generate new license files,
since
only the LinceseBuilder application can do, since only the
LicenseBuilder knows
both - the public and the private key.
Such like schema could be used to deploy demo licenses and full
licenses.
Am 06.04.2004 um 21:51 schrieb Matt Jaffa:
Hi,
I have a finished product and I am looking to give the users a 30-day
or maybe just a week trial.
Is there some way that I can implement this in My Cocoa/Obj-C app.
I don't want them to be able to just reinstall it and then it resets
the time.
Any out there have experience with this, I know with Applications
such as Dreamweaver, they do a good job with this
Are they hiding some file somewhere on my computer?
Any ideas?
Thanks,
Matt
_______________________________________________
cocoa-dev mailing list | email@hidden
Help/Unsubscribe/Archives:
http://www.lists.apple.com/mailman/listinfo/cocoa-dev
Do not post admin requests to the list. They will be ignored.
_______________________________________________
cocoa-dev mailing list | email@hidden
Help/Unsubscribe/Archives:
http://www.lists.apple.com/mailman/listinfo/cocoa-dev
Do not post admin requests to the list. They will be ignored.
_______________________________________________
cocoa-dev mailing list | email@hidden
Help/Unsubscribe/Archives:
http://www.lists.apple.com/mailman/listinfo/cocoa-dev
Do not post admin requests to the list. They will be ignored.