• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: Registration Code
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Registration Code

  • Subject: Re: Registration Code
  • From: Matthew <email@hidden>
  • Date: Sat, 13 Nov 2004 11:05:19 -0500
Hardcoding is a terrible idea unless you're a little bit sophisticated with it. All hardcoded strings in a file can be read as plain text by simply using the 'strings' command in terminal. For example, typing 'strings myExecutable' gives me a list of all of the strings in it. Most will be library calls, etc. but you will certainly find that key with almost no effort if you know what to look for.

Maybe think just a tiny bit harder and consider at least a cipher or use a package that does RSA. Having some construct that's like

if (RegCode == "myHardCodedString") then unlock app

is almost pointless.

Matthew


On Nov 13, 2004, at 3:12 AM, Will Mason wrote:

I think developers spend too much time on those "funky registration
code hiding things", but it's stolen time. Some people will always
give
away registration codes to friends. If you app is good and has an
adequate price, there will also be many people who will buy it.

So, in my opinion, we developers should spend more time in developing

great applications, instead of non-working piracy protection things.
;-)


I don't agree. I've spent most of my career working on security, and I
agree that it is impossible to secure an app 100%. However, you can
with minimal effort prevent 99% of attacks on your software. Even if
you encrypted the "secret" information using a key that was hard-coded
into your program you could prevent the vast majority of crackers from
achieving their goal. The attackers would have to hack in and find the
key. Most attackers are not willing to do that.

My recommendation therefore is to encrypt your private information even
using a hard-coded key. Most crackers are too lazy to bother with
encryption even when it's so easily circumvented.

I actually believe, probably because of my background in security, that
developers don't spend enough time on security. Most software would be
a lot more secure and equally easy to use if people took the time to
understand the basics of cryptographic algorithms and protocols.

Just my opinion,
Will Mason

_______________________________________________
Do not post admin requests to the list. They will be ignored.
Cocoa-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
email@hidden

This email sent to email@hidden


_______________________________________________
Do not post admin requests to the list. They will be ignored.
Cocoa-dev mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden




  • Follow-Ups:

      

    • Re: Registration Code

      • From: Will Mason <email@hidden>
      • 





References: 


 >Re: Registration Code (From: Will Mason <email@hidden>)






    

  • Prev by Date:
Re: WebKit - how to be the "data source" for a WebView

    • 

  • Next by Date:
Re: Doubleclick in a tableview row?

    • 

  • Previous by thread:
Re: Registration Code

    • 

  • Next by thread:
Re: Registration Code

    • 

  • Index(es):

      

    • Date
      • 

    • Thread
      • 

    

    •