From ygingras@ygingras.net Wed Sep 4 18:59:01 2002 Return-Path: Delivered-To: yyyy@localhost.example.com Received: from localhost (jalapeno [127.0.0.1]) by jmason.org (Postfix) with ESMTP id 821DE16F49 for ; Wed, 4 Sep 2002 18:58:53 +0100 (IST) Received: from jalapeno [127.0.0.1] by localhost with IMAP (fetchmail-5.9.0) for jm@localhost (single-drop); Wed, 04 Sep 2002 18:58:53 +0100 (IST) Received: from outgoing.securityfocus.com (outgoing3.securityfocus.com [66.38.151.27]) by dogma.slashnull.org (8.11.6/8.11.6) with ESMTP id g84HOPZ12385 for ; Wed, 4 Sep 2002 18:24:25 +0100 Received: from lists.securityfocus.com (lists.securityfocus.com [66.38.151.19]) by outgoing.securityfocus.com (Postfix) with QMQP id 3E30AA35FF; Wed, 4 Sep 2002 10:55:38 -0600 (MDT) Mailing-List: contact secprog-help@securityfocus.com; run by ezmlm Precedence: bulk List-Id: List-Post: List-Help: List-Unsubscribe: List-Subscribe: Delivered-To: mailing list secprog@securityfocus.com Delivered-To: moderator for secprog@securityfocus.com Received: (qmail 4415 invoked from network); 4 Sep 2002 10:36:32 -0000 Content-Type: text/plain; charset="iso-8859-15" From: Yannick Gingras To: secprog@securityfocus.com Subject: Re: Secure Sofware Key Date: Wed, 4 Sep 2002 06:52:07 -0400 User-Agent: KMail/1.4.2 References: <20020829204345.91D1833986@LINPDC.eclipsys.qc.ca> <20020903192326.C9DA533986@LINPDC.eclipsys.qc.ca> <002c01c253c3$5d522d70$740aa8c0@fmmobile> In-Reply-To: <002c01c253c3$5d522d70$740aa8c0@fmmobile> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Message-Id: <200209040652.07546.ygingras@ygingras.net> X-Spam-Status: No, hits=-12.1 required=7.0 tests=AWL,IN_REP_TO,KNOWN_MAILING_LIST,QUOTED_EMAIL_TEXT, REFERENCES,SIGNATURE_SHORT_DENSE,SPAM_PHRASE_02_03, USER_AGENT,USER_AGENT_KMAIL version=2.41-cvs X-Spam-Level: > Software vendors have been trying since forever to prevent software piracy. > Remember when you had to enter a specific word from a specific page of the > software manual, which was printed on dark maroon paper so that it could > not be photocopied? Didn't work. Propritery encoding of DVD's? Didn't > work. Software that required the use of a registration key? Didn't work. > Windows XP was shipped with this supposedly revolutionary method for > stopping piracy, and what happened? How long was it before the code was > cracked? How many keygens are there for Windows XP? Is someone running a > pirated version of XP really going to use Windows Update to installed a > service pack which breaks their OS? Just because M$ didn't include the > change in their README? Fat chance. My problem is not the same as MS's one, I don't have to deal with millions of identical copy of the same CD with propably millions of working keys. Each download can be unique with a small preparation delay. The key generator is a problem only if multiple keys are usable. If the end users are teenagers, you'll face a huge wall when asking to be 100% of the time online but if we think of something like a health care system that keep track of patients personnal information, the end user will be willing to take every possible steps to protect the system from his own employees to use illegaly. I agree with all of you that mass production CDs will not be safe from piracy in a near futur. That can be seen as a collateral of mass market penetration. BTW thanks for all of you who provided interestiong insight. I'm playing with gdb's dissassembler now but I don't think it's what a typical cracker would use. Any hints on UNIX cracking tools ? Thanks. -- Yannick Gingras Coder for OBB : Onside Brainsick Bract http://OpenBeatBox.org