Re: [little OT] Licensing/Implementing in Cocoa/Obj-C
Re: [little OT] Licensing/Implementing in Cocoa/Obj-C
- Subject: Re: [little OT] Licensing/Implementing in Cocoa/Obj-C
- From: Nicko van Someren <email@hidden>
- Date: Tue, 20 Apr 2004 12:18:10 +0100
On 20 Apr 2004, at 10:51, Greg Hurrell wrote:
I am definitely not a professional cryptographer, so perhaps you can
clarify a point for me.
This thread -- <http://cocoadev.com/index.pl?CocoaInsecurity> --
indicates that if you want to encrypt a short serial number (let's say
160 bits long) then the longest possible RSA key size you can use on
it is also 160 bits... is this true? I would much rather use a long
key, but if it means that I need to have a very long serial number as
well, then I am back where I started, which is having to distribute a
bulkier license file rather than a simple serial number.
This is absolutely wrong. If you have a 160 bit serial number you can
use any key length you want that is longer than about 186 bits. You
need to use a key that is longer than what you want to sign since you
will need to add some padding. The padding methods most commonly used
for signing are covered in an RSA standard called PKCS#1. It is
perfectly normal to use 1024 bit keys to sign 160 bit values since it
is usual to sign a hash of a message rather than the message itself.
Apple do provide the necessary cryptographic functions for doing all
this (see the link [1] below) but the documentation is a little scant.
And on a tangent: like I said, I am certainly no professional
cryptographer, but I was weighing up the key lengths in terms of the
path of least resistance. If the cracker is going to have to spend
hours in the debugger working out how the copy protection works, and
then has to spend hours factoring what is an admittedly
cryptographically weak key, wouldn't it just be easier for them to
forget the factoring altogether and just patch the app?
To break a PK signature based licensing scheme the attacker can either
patch every copy of the application that it to be run unlicensed or
they need to find the public key and factor it. The former requires
reverse engineering the application enough to find out where to patch
the application and then distribution of an illegal patch. If you can
break the key then you can just ship legitimate looking license files
which are forgeries. Finding the public verification keys is
remarkably easy (see the paper I wrote with Adi Shamir on the
subject[2]). As for the cost of factoring 192 bit keys, when I got to
work this morning I tried it just using the Pari GP maths package[3]
and on a 1GHz PIII it took a whole minute and a half to factor a 192
bit RSA modulus!
Cheers,
Nicko
[1]
file:///Developer/Documentation/Security/Reference/
certifkeytrustservices/index.html
[2]
http://www.ncipher.com/scripts/download.php?document=40 (sorry, you
have to register to get the paper here)
[3]
http://pari.math.u-bordeaux.fr/
_______________________________________________
cocoa-dev mailing list | email@hidden
Help/Unsubscribe/Archives:
http://www.lists.apple.com/mailman/listinfo/cocoa-dev
Do not post admin requests to the list. They will be ignored.