Dnia Thu, Jan 14, 2010 at 02:08:40PM -0800, wesker napisaĆ(a):
> Although the key hard-coded in the client app could allow someone to
> decrypt that file, if they were clever enought to obtain it, the human-
> readable text would be useless to them as they'd have no way to change
> it for use on another machine, and re-encrypt it.
Bad assumption. If someone is clever enough to get a hard coded key
and decrypt a file, then its no brainer to patch executable with
his own key and his other machine id.
Its long convulted way to achieve same result as simple id check
with ids obscured by xor deadbeef operation.
You also can not rely on authenticode signing your executable,
because someone who would steal just will turn off OS protections.
If your software is so valuable to deserve real protection,
you may think of issuing to your client HW protectors.
If its not worthy additional $50 for such, you'll better IMO
don't worrying about tchiefs but more what real incentives/advantages
for registered users you may provide. Just my two cents.
Kind regards, Ohir.
--
Wojciech S. Czarnecki
<< ^oo^ >> OHIR-RIPE
--
You received this message because you are subscribed to the "Crypto++ Users"
Google Group.
To unsubscribe, send an email to [email protected].
More information about Crypto++ and this group is available at
http://www.cryptopp.com.
