This is why we have and need trusted Certificate Authorities BTW, who bind public keys to identities.
Create For A Software In Vb6 Array Function License Fee AndTo get access to all the features the user has to pay a license fee and receive a key.That key will then be entered into the application to unlock the full version.But this solution is already weak ( as the software itself has to include the secret key somewhere ), so I dont think this discovery invalidates the solution as far as it goes.
Create For A Software In Vb6 Array Function Registration So SecureI dont think theres a method of registration so secure that it can survive a good hacker running the program locally. As the original comment said, its really all about anything that makes it one step harder than simply copying the file. Create For A Software In Vb6 Array Function Code Is OutA lot of games these days have given up on copy protection and simply take the game content online, in which case the code is out of the hackers hands. And its a pity, because for companies, license keys have almost the same value as real cash. Obfuscating the algorithm or hiding an encryption key within your software is really out of the question if you are serious about controlling licensing. If your product is successful, someone will make a key generator in a matter of days from release. You dont want every customer calling the technical support because they dont understand if the key contains a l or a 1. Your support department would thank you for this, and you will have lower costs in this area. Your license keys should be in fact signed documents, containing some useful data, signed with your companys private key. The product should validate the license keys with the corresponding public key. This way, even if someone has full access to your products logic, they cannot generate license keys because they dont have the private key. A license key would look like this: BASE32(CONCAT(DATA, PRIVATEKEYENCRYPTED(HASH(DATA)))). The biggest challenge here is that the classical public key algorithms have large signature sizes. You dont want your license keys to have hundreds of characters. One of the most powerful approaches is to use elliptic curve cryptography (with careful implementations to avoid the existing patents). ECC keys are like 6 times shorter than RSA keys, for the same strength. You can further reduce the signature sizes using algorithms like the Schnorr digital signature algorithm (patent expired in 2008 - good:) ). Basically, for a customer with a valid license key, you need to generate some activation data which is a signed message embedding the computers hardware id as the signed data. This is usually done over the internet, but only ONCE: the product sends the license key and the computer hardware id to an activation server, and the activation server sends back the signed message (which can also be made short and easy to dictate over the phone). From that moment on, the product does not check the license key at startup, but the activation data, which needs the computer to be the same in order to validate (otherwise, the DATA would be different and the digital signature would not validate). ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |