• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: Serial key Framework for cocoa?
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Serial key Framework for cocoa?

  • Subject: Re: Serial key Framework for cocoa?
  • From: William Squires <email@hidden>
  • Date: Thu, 25 Jan 2007 22:45:39 -0600
On Jan 25, 2007, at 10:41 PM, William Squires wrote:

On Jan 25, 2007, at 6:16 PM, Andrew Farmer wrote:

On 25 Jan 07, at 09:54, Stefan wrote:
Final technical remark: Better don't use ObjC to verify a key, but standard C

More specifically: Don't *ever* generate the key within your program and compare the user's input against it. Schemes that work this way are trivial to break: all an intrepid hacker has to do is find where it's generated, interrupt your program there, and copy the output. Come up with some other, more indirect way of checking the key's validity.

Similarly, returning a TRUE/FALSE status from an "isRegistered" function is asking for trouble. It's pretty trivial to replace a complex function with a small stub that'll return a fixed value. Same goes for checking its return value in a single location (at startup or the like).
Which raises a question: are the ObjC constants "Yes" and "No" a true boolean data type, or just mapped to an integral data type as in C/C++? If they're just a form of integer, then you can 'redefine' what an acceptable 'true' answer is.
Perhaps by using a rotating key for generating the 'true' status (say, with a Linear Feedback Shift Register in 32 bits), you could make it a lot harder to just replace it with a stub that returns a constant value. Even better if the key is used in a computation somehow (perhaps to decrypt some other data); then a hacker would have to figure out what relevance the return value has (once they try - and fail - with the obvious 'replace with a stub' method!) i.e. they'll have to disassemble and reverse-engineer it to understand how it works. Most just want a 'quickie' fix, such as a 'usable-everywhere keycode generator' or some such.
But... as this isn't really a Cocoa topic, it's probably best taken off-list.


Oops, I should have said, '... as serial key generation isn't really a Cocoa topic..."

_______________________________________________

Cocoa-dev mailing list (email@hidden)

Do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com

Help/Unsubscribe/Update your Subscription:
40satx.rr.com

This email sent to email@hidden 


_______________________________________________

Cocoa-dev mailing list (email@hidden)

Do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com

Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden






References: 


 >Serial key Framework for cocoa? (From: "Ferhat Ayaz (Kedisoft)" <email@hidden>)


 >Re: Serial key Framework for cocoa? (From: Stefan <email@hidden>)


 >Re: Serial key Framework for cocoa? (From: Andrew Farmer <email@hidden>)


 >Re: Serial key Framework for cocoa? (From: William Squires <email@hidden>)






    

  • Prev by Date:
Re: Serial key Framework for cocoa?

    • 

  • Next by Date:
NSTableView, validateDrop: not called on same row

    • 

  • Previous by thread:
Re: Serial key Framework for cocoa?

    • 

  • Next by thread:
Re: Serial key Framework for cocoa?

    • 

  • Index(es):

      

    • Date
      • 

    • Thread
      • 

    

    •