Re: [little OT] Licensing/Implementing in Cocoa/Obj-C
- Subject: Re: [little OT] Licensing/Implementing in Cocoa/Obj-C
- From: Greg Hurrell <email@hidden>
- Date: Tue, 20 Apr 2004 11:51:55 +0200
I am definitely not a professional cryptographer, so perhaps you can
clarify a point for me.
This thread -- <http://cocoadev.com/index.pl?CocoaInsecurity> --
indicates that if you want to encrypt a short serial number (let's say
160 bits long) then the longest possible RSA key size you can use on it
is also 160 bits... is this true? I would much rather use a long key,
but if it means that I need to have a very long serial number as well,
then I am back where I started, which is having to distribute a bulkier
license file rather than a simple serial number.
Having said the above, I am not sure that it's true that your key can't
be longer than your plaintext. For example, my reading of this page --
<http://cisnet.baruch.cuny.edu/holowczak/classes/9444/rsademo/> --
suggests that RSA is usually applied to blocks of 64 or 128 bits of
plaintext at a time, irrespective of the length of the key; and in
fact, the demo on that page operates on blocks of a mere 16 bits at a
time. If this is true, then I can make my serial number as short as I
want (obviously the minimum size is limited by how much information I
want to embed in it) while using a long, cryptographically strong key.
I would really appreciate it if an expert could confirm this for me,
because then I can throw my weak key idea out the window, which is what
I would like to do.
And on a tangent: like I said, I am certainly no professional
cryptographer, but I was weighing up the key lengths in terms of the
path of least resistance. If the cracker is going to have to spend
hours in the debugger working out how the copy protection works, and
then has to spend hours factoring what is an admittedly
cryptographically weak key, wouldn't it just be easier for them to
forget the factoring altogether and just patch the app?
But in any case, yes, obviously I would much rather use a strong key,
thus forcing the hacker to crack because fake serial generation becomes
infeasible.
Best wishes,
Greg
On 20/04/2004, at 10:27, Nicko van Someren wrote:
Setting aside the other considerations for a moment, as a professional
cryptographer I would strongly advise against using RSA with keys as
short as 192 bits. While I don't have exact figures to hand for 192
bit numbers it's worth noting that it is less than half the length of
the first RSA Challenge and I suspect it would take a matter of hours
to factor on a decent modern computer. According to the RSA FAQ on
factoring [1] numbers with 430 bits can be factored inside a year
using a single PC and in previous work I've shown that a single 42
unit rack of G5 Xserves can factor 512 bit keys at a rate of about
one every two weeks. As well as the more complex (to code and to
understand) sieve methods there are methods that are trivial to code
and require minimal knowledge of mathematics which will factor your
key in about 2^48 steps.
Using public key crypto is (IMHO) a great way to create software
licenses. Its use means that even if your code is reverse engineered
an attacker can not fake new licenses. That said, if the key that you
use is too short and can be factored all this security disappears. If
I were you I'd go for a much much longer key.
Nicko
[1] http://www.rsasecurity.com/rsalabs/challenges/factoring/faq.html
_______________________________________________
cocoa-dev mailing list | email@hidden
Help/Unsubscribe/Archives:
http://www.lists.apple.com/mailman/listinfo/cocoa-dev
Do not post admin requests to the list. They will be ignored.
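The two points argued above, as an added worked example that is not code from the thread or from either poster: a short (160-bit) serial is hashed and the hash is signed under a 2048-bit modulus, so the serial's length has nothing to do with the key length; and a modulus small enough to factor (64 bits here, far below even the 192 bits under discussion) lets an attacker recover the private exponent with Pollard's rho, the kind of "trivial to code" method Nicko mentions, and forge serials that verify. The key sizes, the SHA-256 hash-then-sign construction and the use of unpadded textbook RSA are this example's assumptions, chosen to keep the arithmetic visible.

```python
"""RSA-signed serial numbers (added example for this thread, not list code).
Textbook RSA plus SHA-256 keeps the arithmetic visible; real licence code
should use a vetted library with RSA-PSS or PKCS#1 v1.5 padding."""
import hashlib
import math
import random
import secrets

# Odd primes below 1000, for cheap trial division ahead of Miller-Rabin.
SMALL_PRIMES = [p for p in range(3, 1000, 2)
                if all(p % q for q in range(3, int(p ** 0.5) + 1, 2))]

def is_probable_prime(n, rounds=32):
    """Miller-Rabin with random bases; error probability below 4 ** -rounds."""
    if n < 4:
        return n > 1
    for p in SMALL_PRIMES:
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

def random_prime(bits):
    """Random prime with its top bit set, so it has exactly `bits` bits."""
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand):
            return cand

def generate_key(modulus_bits, e=65537):
    """Return ((n, e), d).  Since e is prime, phi % e != 0 means gcd(e, phi) == 1."""
    while True:
        p, q = random_prime(modulus_bits // 2), random_prime(modulus_bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:
            return (p * q, e), pow(e, -1, phi)

def serial_digest(serial, n):
    """Hash the serial, so its length is unrelated to the modulus length."""
    return int.from_bytes(hashlib.sha256(serial).digest(), "big") % n

def sign_serial(serial, public_key, d):
    n, _ = public_key
    return pow(serial_digest(serial, n), d, n)

def verify_serial(serial, signature, public_key):
    n, e = public_key
    return 0 < signature < n and pow(signature, e, n) == serial_digest(serial, n)

def pollard_rho(n):
    """Pollard's rho: about sqrt(p) steps for the smallest factor p, i.e. the
    'trivial to code' method needing roughly 2**48 steps for a 192-bit n."""
    if n % 2 == 0:
        return 2
    while True:
        c, x = random.randrange(1, n), random.randrange(2, n)
        y, g = x, 1
        while g == 1:
            x = (x * x + c) % n
            y = (y * y + c) % n
            y = (y * y + c) % n
            g = math.gcd(abs(x - y), n)
        if g != n:
            return g

def recover_private_exponent(public_key):
    """What an attacker does with a weak key: factor n, rebuild phi, derive d."""
    n, e = public_key
    p = pollard_rho(n)
    return pow(e, -1, (p - 1) * (n // p - 1))

def demo(strong_bits=2048, weak_bits=64):
    serial = secrets.token_bytes(20)            # constructed 160-bit serial
    pub, d = generate_key(strong_bits)
    sig = sign_serial(serial, pub, d)
    weak_pub, weak_d = generate_key(weak_bits)  # far below even the 192 bits at issue
    forged_d = recover_private_exponent(weak_pub)
    forged = sign_serial(b"ATTACKER-CHOSEN", weak_pub, forged_d)
    return {
        "modulus_bits": pub[0].bit_length(),
        "signature_bits": sig.bit_length(),     # the token the user actually types
        "genuine_verifies": verify_serial(serial, sig, pub),
        "weak_d_recovered": forged_d == weak_d,
        "forged_verifies": verify_serial(b"ATTACKER-CHOSEN", forged, weak_pub),
    }
```

Running `demo()` shows the trade-off the thread circles around: the serial can be as short as you like, but the RSA signature that the user has to paste in is as long as the modulus (256 bytes, roughly 344 base64 characters, for a 2048-bit key), so a long RSA key and a short typed token are in direct tension. That is why compact licence tokens usually pair the serial with a signature scheme whose signatures are short rather than with a shortened RSA key; shortening the RSA key is exactly what hands the attacker `recover_private_exponent`.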