On Dec 29, 2009, at 8:44 PM, Rafael Bugajewski wrote:
> On 12/29/2009, at 08:20 PM, Benjamin Ragheb wrote:
> 
>> To repeat what was said earlier, it does matter. If the keygens create  
>> keys that are also used by paying customers, you then cannot blacklist  
>> bad keys without inconveniencing paying customers.
> 
> This *heavily* depends on your algorithm. If you generate a key from the 
> user’s name and email address, then the probability is equal to 0 that a 
> legit and a generated serial number will collide.

Well, you don't use the license data to derive a key from it. No sensible 
solution does that.

>> In other words, it's not about how crackable it is, but limiting the  
>> damage that crackers can cause. Considering that an asymmetric scheme  
>> is no harder to implement than any other one, it's good advice.
> 
> The damage of both techniques can be equal. And I don’t know if recommending 
> a framework to prevent piracy is good advice at all. I’m not against any 
> framework, but a self-baked solution would be more unique and require more 
> effort to crack—under the assumption that you have enough knowledge and time.


No offense but: Quite the contrary. This is security by obscurity, which is a 
big no-no if you ever want something to be secure. RSA for that matter is well 
known and reasonably hard.

I believe you are not appreciating how AquaticPrime (and other asymmetric 
crypto license systems) work: You (the developer) have 2 keys, one private key 
which is secret and known only by you, one public key. The public key can only 
be used to decrypt the license but not to generate one. You use the private 
key to create a license.

You just can't develop a license key generator unless you have the private key. 
It's not embedded in the application, no one knows it except you.

Using this system instead of something home-baked has the huge advantage of 
being reliable and tested for years. Plus, the actual decrypting code doesn't 
have to be secret (in fact it is not) because the only really valuable 
information is the private key (which is not embedded in the application).

That said, AquaticPrime (and I imagine other systems mentioned here) don't 
provide much help to put the license checking code into your app in a way that 
makes it difficult to remove. You can make it easy for crackers or more 
difficult. In the end the license check - no matter how sophisticated - boils 
down to a check which can fail or succeed. If a cracker finds it, it can be 
removed.

Regards
Markus
--
______________________________
Markus Spoettl
<http://www.rubitrack.com>
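
The private-key/public-key split described in the message above, as an added example that is not part of the original thread and is not AquaticPrime's code: the developer signs the license fields with the private exponent, and the application verifies with only the public modulus and exponent. The field names, `issue`, `verify` and the `revoked` set are hypothetical, and the key is built from two publicly known Mersenne primes purely so the example is reproducible.

```python
import hashlib

# Constructed demo key: two publicly known Mersenne primes, so the private
# exponent below is NOT secret. Real keys use secret random primes and a
# vetted crypto library; only the structure of the scheme is shown here.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q                              # public modulus, embedded in the app
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent, developer only
K = (N.bit_length() + 7) // 8          # modulus length in bytes
# ASN.1 DigestInfo header for SHA-256, as used by PKCS#1 v1.5 signatures
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")


def encode(fields):
    """Canonical license bytes, hashed and padded PKCS#1 v1.5 style."""
    data = "\n".join(f"{k}={fields[k]}" for k in sorted(fields)).encode()
    digest = SHA256_PREFIX + hashlib.sha256(data).digest()
    return b"\x00\x01" + b"\xff" * (K - len(digest) - 3) + b"\x00" + digest


def issue(fields):
    """Developer side: producing a license requires the private exponent D."""
    return pow(int.from_bytes(encode(fields), "big"), D, N)


def verify(fields, signature, revoked=frozenset()):
    """Application side: uses only N and E, so it cannot mint licenses."""
    if not 0 < signature < N or signature in revoked:
        return False
    recovered = pow(signature, E, N).to_bytes(K, "big")
    return recovered == encode(fields)


if __name__ == "__main__":
    # Constructed sample license
    lic = {"name": "Alice Example", "email": "alice@example.com"}
    sig = issue(lic)
    print("genuine license:", verify(lic, sig))
    print("edited name:", verify({**lic, "name": "Mallory"}, sig))
    print("revoked license:", verify(lic, sig, revoked={sig}))
```

Because every valid signature was issued by the developer, revoking one leaked license affects only that license. The final pass/fail comparison in `verify` is still a single check in the shipped binary, which is the limitation the message closes on.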



