Re: Cocoa-preferred licensing key style?
Re: Cocoa-preferred licensing key style?
- Subject: Re: Cocoa-preferred licensing key style?
- From: Seth Willits <email@hidden>
- Date: Sun, 29 May 2011 18:35:09 -0700
On May 29, 2011, at 6:28 PM, Seth Willits wrote:
>>> I haven't used it myself but I've heard good things about AquaticPrime (http://www.aquaticmac.com/).
>>
>> AP is certainly easy to use, but my understanding is that it's very weak and easy to hack, and "one hack fits all" meaning that all apps that have used it unmodified are already compromised. That's what I saw being said about 2 years ago, but maybe its author has fixed that since.
>
> My understanding it's it's not "weak", it's just a classic case of one-hack-fits-all like you say. The keyed authentication is as good as it gets for a license scheme. The only problem is that it generates long (250ish) character keys and some "less knowledgeable" users, shall we say, don't know that Copy & Paste exists, so they complain.
One other thing I'll mention, is that using the technique AP uses, you actually have a few bytes of extra room to store info in. This allows you to attach a license type and expiration date to the license which is encoded in the license key itself. AP itself doesn't allow it (since it wants you to use a license file and supply all of the info together in that), but the encryption/hashing it uses, does. Other solutions either never think about that, require extra work, a server lookup, or something in order to accomplish it.
> "EllipticLicense: replacement for AquaticPrime with shorter keys and similar or better security."
Sounds great to me. Still want a solution with expiring license keys and attributable license types.
--
Seth Willits
_______________________________________________
Cocoa-dev mailing list (email@hidden)
Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden