Re: [little OT] Licensing/Implementing in Cocoa/Obj-C
Re: [little OT] Licensing/Implementing in Cocoa/Obj-C
- Subject: Re: [little OT] Licensing/Implementing in Cocoa/Obj-C
- From: Nicko van Someren <email@hidden>
- Date: Tue, 20 Apr 2004 17:02:23 +0100
On 20 Apr 2004, at 16:47, Alastair Houghton wrote:
On 20 Apr 2004, at 02:15, Greg Hurrell wrote:
And a side comment: someone in this thread said that public key
crypto was "overkill".
Yes, it was me. The reason is that, as Nicko also pointed-out and as
I pointed-out when I first said public key crypto was overkill for
this task, it is relatively easy for an attacker to replace the
verification key, at which point they can generate keys. Or they
could just disable the licensing code altogether.
I think however that this speaks to one of the key strengths of public
key based licenses. If you make licenses using either symmetric
encryption or simple obfuscation of data then someone who reverse
engineers your code can then go on to easily forge license for other
people. If you use public key crypto for the license files then merely
knowing everything about how the license system works is not sufficient
to forge new licenses; the attacker actually has to alter the
application code. This makes a significant qualitative change to the
actions and effort needed for one attacker to deprive you of a great
many licenses.
Nicko
_______________________________________________
cocoa-dev mailing list | email@hidden
Help/Unsubscribe/Archives:
http://www.lists.apple.com/mailman/listinfo/cocoa-dev
Do not post admin requests to the list. They will be ignored.