Re: [little OT] Licensing/Implementing in Cocoa/Obj-C


  • Subject: Re: [little OT] Licensing/Implementing in Cocoa/Obj-C
  • From: Nicko van Someren <email@hidden>
  • Date: Tue, 20 Apr 2004 09:27:20 +0100

On 20 Apr 2004, at 2:15, Greg Hurrell wrote:

I am in the middle of implementing a system that uses RSA, and I wanted to ask you a question about how customers react to the idea of license files. You see, I can use a very short RSA key (say 192 bits) which would be quite "weak" (cryptographically speaking) but would allow me to continue to distribute simple serial numbers (containing the encrypted data) without going over the 80 column (or less) limit in most email clients.... OR I could use a cryptographically strong RSA key (512 bits or more), but the resulting encrypted data would be too abundant for it to be represented as a "serial number"; rather I would need to distribute, as you do, a license file.

Setting aside the other considerations for a moment, as a professional cryptographer I would strongly advise against using RSA with keys as short as 192 bits. While I don't have exact figures to hand for 192 bit numbers, it's worth noting that it is less than half the length of the first RSA Challenge and I suspect it would take a matter of hours to factor on a decent modern computer. According to the RSA FAQ on factoring [1] numbers with 430 bits can be factored inside a year using a single PC and in previous work I've shown that a single 42 unit rack of G5 Xserves can factor 512 bit keys at a rate of about one every two weeks. As well as the more complex (to code and to understand) sieve methods there are methods that are trivial to code and require minimal knowledge of mathematics which will factor your key in about 2^48 steps.

Using public key crypto is (IMHO) a great way to create software licenses. Its use means that even if your code is reverse engineered an attacker can not fake new licenses. That said, if the key that you use is too short and can be factored all this security disappears. If I were you I'd go for a much much longer key.

Nicko

[1] http://www.rsasecurity.com/rsalabs/challenges/factoring/faq.html
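
The 2^48 figure in the message is what a generic square-root factoring method costs against a 192-bit modulus. As an added illustration that is not part of the original post, the sketch below runs Pollard's rho (an assumption: the post does not name the method) on a constructed 60-bit modulus and counts steps, showing work on the order of the square root of the smaller prime, roughly 2^(bits/4); all names and sample primes are chosen for this example.

```python
"""Added illustration: why a short RSA modulus offers no protection."""
from math import gcd, isqrt

# Constructed sample input: two well-known ~30-bit primes, giving a 60-bit modulus.
P, Q = 998_244_353, 1_000_000_007
N = P * Q


def pollard_rho(n, max_c=20):
    """Return (factor, steps) for an odd composite n, using Floyd cycle detection."""
    steps = 0
    for c in range(1, max_c + 1):
        x = y = 2
        d = 1
        while d == 1:
            x = (x * x + c) % n      # tortoise advances one step
            y = (y * y + c) % n      # hare advances two steps
            y = (y * y + c) % n
            d = gcd(abs(x - y), n)
            steps += 1
        if d != n:                   # non-trivial factor found
            return d, steps
        # d == n: both cycles closed at once; retry with the next constant c
    raise ValueError("no factor found; raise max_c")


def rho_work_log2(modulus_bits):
    """log2 of the expected rho step count for a balanced two-prime modulus.

    The smaller prime has about modulus_bits/2 bits and rho needs on the
    order of sqrt(p) steps, so the work is about 2**(modulus_bits/4).
    """
    return modulus_bits / 4


def demo():
    factor, steps = pollard_rho(N)
    return {
        "modulus_bits": N.bit_length(),
        "factor": factor,
        "cofactor": N // factor,
        "steps": steps,
        "sqrt_smaller_prime": isqrt(min(P, Q)),
        "log2_steps_for_192_bits": rho_work_log2(192),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The step count for the 60-bit sample lands near the square root of the smaller prime; the same scaling gives about 2^48 steps for a 192-bit modulus, which is why the message recommends a much longer key.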