On May 29, 2011, at 6:28 PM, Seth Willits wrote: >>> I haven't used it myself but I've heard good things about AquaticPrime >>> (http://www.aquaticmac.com/). >> >> AP is certainly easy to use, but my understanding is that it's very weak and >> easy to hack, and "one hack fits all" meaning that all apps that have used >> it unmodified are already compromised. That's what I saw being said about 2 >> years ago, but maybe its author has fixed that since. > > My understanding it's it's not "weak", it's just a classic case of > one-hack-fits-all like you say. The keyed authentication is as good as it > gets for a license scheme. The only problem is that it generates long > (250ish) character keys and some "less knowledgeable" users, shall we say, > don't know that Copy & Paste exists, so they complain.
One other thing I'll mention, is that using the technique AP uses, you actually have a few bytes of extra room to store info in. This allows you to attach a license type and expiration date to the license which is encoded in the license key itself. AP itself doesn't allow it (since it wants you to use a license file and supply all of the info together in that), but the encryption/hashing it uses, does. Other solutions either never think about that, require extra work, a server lookup, or something in order to accomplish it. > "EllipticLicense: replacement for AquaticPrime with shorter keys and similar > or better security." Sounds great to me. Still want a solution with expiring license keys and attributable license types. -- Seth Willits _______________________________________________ Cocoa-dev mailing list ([email protected]) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to [email protected]
