David Brennan asked:

> Does anyone know enough about RSA to tell me if this is
> correct? It would be really nice if I was wrong and RSA was
> difficult to solve in both directions.

As far as I am aware from the RSA mathematics you are dealing with a
symmetrical algorithm, where it doesn't matter which of the two keys is
used; it's the security of the one you mark as 'private' that matters. What
you in essence want to do is use the public key to decrypt something that
you have encrypted with the private key.

This is exactly what you do when you are sending a message that you not
only want to be received by only one known person (so you encrypt using
their public key) but that can be verified by them as only being from you (so
you also encrypt with your private key first). Then they use their private
key to decrypt your message, which they can then decrypt with your public key,
proving that only you could have generated the message in the first place.
I believe that PGP has this sort of stuff built in, but it's been a while
since I read the sources.

> That leaves the first problem - someone hacking the executable.
> In some ways I am less worried about this because it will
> prevent our support patches from working, leaves tangible evidence
> and I think it is less likely to have a widespread effect.
> Nonetheless I will still take on board some of Max's
> suggestions and see how diabolical I can make the password checking
> routines.

The main issue is that once a simple checker is cracked a small known diff
can be created that can usually be applied to all subsequent
versions, as unless you know that someone has cracked your code, you don't
know to change the relevant code. You often find that applications that
use this sort of half-assed security have a 'war' with the crackers where
every version has altered code, and then the crackers re-crack the change
for the new version, so the programmers create a new version that the
crackers crack, and so on...

So have fun with some sneaky code, but remember to factor the
potential loss in software sales vs. your programming time. Spending 100
hours to save $1000 is not a good bet usually.

Cheers, Max.


---------------------------------------------------------------------------
    New Zealand Delphi Users group - Delphi List - [EMAIL PROTECTED]
                  Website: http://www.delphi.org.nz
To UnSub, send email to: [EMAIL PROTECTED] 
with body of "unsubscribe delphi"
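The sign-then-encrypt flow Max describes above, worked through as an added example (this is not code from the original message or from PGP): textbook RSA with two small hand-picked key pairs, where "encrypting with your private key" and "decrypting with your public key" are the same modular exponentiation with different exponents. The primes, message values and function names are all assumptions made for this example. Textbook RSA with no padding and 20-bit moduli is only for showing the mechanics; real systems pad the message and encrypt a symmetric key rather than the data itself.

```python
# Added example, not part of the original message. Textbook RSA (no padding,
# tiny constructed keys) to illustrate the two-key flow: sign with the
# sender's private key, encrypt with the recipient's public key, then the
# recipient decrypts with their private key and verifies with the sender's
# public key. NOT secure; for illustration only.

from math import gcd


def make_key(p, q, e=65537):
    """Build a textbook RSA key pair from two primes (hand-picked below;
    assumed prime for this example). Returns (public, private)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = pow(e, -1, phi)          # modular inverse (Python 3.8+)
    return (n, e), (n, d)


def apply_key(x, key):
    """x ** exponent mod n. The same operation is encrypt, decrypt, sign
    and verify; only which exponent is used differs (Max's point)."""
    n, exp = key
    if not 0 <= x < n:
        raise ValueError("value must be smaller than the modulus")
    return pow(x, exp, n)


def sign_then_encrypt(m, sender_priv, recipient_pub):
    """Sender: own private key first, then the recipient's public key."""
    s = apply_key(m, sender_priv)          # "encrypt with your private key"
    return apply_key(s, recipient_pub)     # "encrypt using their public key"


def decrypt_then_verify(c, recipient_priv, sender_pub):
    """Recipient: own private key first, then the sender's public key. Only
    the holder of the sender's private key could have produced a value that
    comes back to the original message under the sender's public key."""
    s = apply_key(c, recipient_priv)
    return apply_key(s, sender_pub)


def exponents_commute(m, pub, priv):
    """Applying e then d, or d then e, both recover m: the two exponents are
    interchangeable in the mathematics."""
    return apply_key(apply_key(m, pub), priv) == m == apply_key(apply_key(m, priv), pub)


# Constructed keys. The sender's modulus is deliberately smaller than the
# recipient's so the signature (always < sender n) fits under the recipient's
# modulus; with textbook RSA that ordering matters. Padding and hybrid
# encryption remove this size problem in real protocols.
SENDER_PUB, SENDER_PRIV = make_key(1009, 1013)        # n = 1022117
RECIPIENT_PUB, RECIPIENT_PRIV = make_key(2003, 2011)  # n = 4028033


def round_trip(m):
    """Honest sender: message survives sign -> encrypt -> decrypt -> verify."""
    c = sign_then_encrypt(m, SENDER_PRIV, RECIPIENT_PUB)
    return decrypt_then_verify(c, RECIPIENT_PRIV, SENDER_PUB)


def forged(m):
    """Impostor who only knows SENDER_PUB uses it in place of the private key.
    The recipient's verify step does not return the original message."""
    c = sign_then_encrypt(m, SENDER_PUB, RECIPIENT_PUB)
    return decrypt_then_verify(c, RECIPIENT_PRIV, SENDER_PUB)


if __name__ == "__main__":
    msg = 424242
    print(round_trip(msg) == msg)                           # True
    print(exponents_commute(msg, SENDER_PUB, SENDER_PRIV))  # True
    print(forged(2) == 2)                                   # False
```

The `apply_key` range check is the part worth keeping in mind: a value that is not smaller than the modulus is silently reduced by `pow` and the round trip fails, which is why the sender's modulus is chosen smaller than the recipient's here.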
