Re: CAN STRONG NAMES BE CRACKED?

From: SStory (TheStorys_at_TAKEOUTTHISSPAMBUSTERsofthome.net)
Date: 03/04/04 

Date: Wed, 3 Mar 2004 22:37:16 -0600

hmm..
Interesting.
And I understand your points.
I know there is no fool proof system
you can get keys for winzip and anything else for serial 2000
but come on. ILDASM the exe or dll and read anything in it even if you
aren't even a good cracker? That is a bit much I think to expect developers
to swallow.

Plus although what you say is true, there surely are better answers
than--lets do nothing and let our code go everywhere. Try breaking winzip
protection... not that simple unless you are really good.

if it were in .net a child of 10 could do it. That is my point.

Thanks for the conversation. I am not mad at anyone. This is just really
frustrating and there seems to be very little literature on any of it.. I
know I can't be the only person thinking these things.

And again, while much of what you said is true, it profits me 0 in the
problem. So welcome to the long list of sources of information that
basically don't help at all.

Guess you don't have any answers or you would have given them.... I sure
don't or I wouldn't be asking so much. Just trying to put together a
working deployment solution that isn't so easily cracked by just anyone. If
MS loses 2.6 million big deal--out obillions it is nothing.
But if a peon like me loose $26000 on something I am selling or even $2600
that is a big deal to me.

Take care,

Shane

"Tom Leylan" <gee@iamtiredofspam.com> wrote in message
news:uh0FGqXAEHA.3248@TK2MSFTNGP11.phx.gbl...
> "SStory" <TheStorys@TAKEOUTTHISSPAMBUSTERsofthome.net> wrote...
>
> Well Shane... if you promise not to get too crazy I'll talk it over with
you
> :-) You've brought it up before and even offered your opinion that
"anyone
> who wants to allow everyone to easily see their code is a moron." I let
it
> slide because I didn't need an argument...
>
> Security is a concern clearly. It would be hard to believe that large
> companies with software products to sell and larger companies making use
of
> that software wouldn't be interested in security. They are risking much
> more than (I imagine) you are in this case.
>
> > Well, what I want to do is insure that my dll is only called by my
exe...
>
> The first thing to consider is, is this a worthwhile goal? Perhaps it is
> _very_ important but do you really believe that I (for instance) intend to
> call your .dll if I could only get my hands on it? Again, it might be
very
> problematic but are you certain you aren't just imagining all these people
> who can disassemble and reverse engineer your creation but are unable to
> create similar software themselves?
>
> > I think one of three things:
> > 1.) Most people are using something else to not have to deal with this
> for
> > anything of real importance.
> > 2.) There is some solution but is hard to find.
> > 3.) Most people are insanely excepting the terrible security issues
that
> > Microsoft has presented us with with all this mess.
>
> Or 4) some combination of the above plus the knowledge that preventing
theft
> is trade-off. There is no perfect solution and there never will be.
That's
> why the music industry was worked up over music piracy and the movie
> industry is concerned about DVD piracy. Apparently illegal copies of "The
> Passion" (Mel Gibson's movie) are already available on the street. Would
> you like to purchase a fake Rolex watch?
>
> > How can you really distribute code--even a simple app, that needs to be
> > updated and all and get any revenue from your work, under these
> conditions?
>
> Yet people do it. WinZip is doing well (so far as I know) and I
registered
> my copy despite the fact that you don't have to in order to use it. How
> many illegal copies of most games and products like Norton Antivirus, MS
> Office, PhotoShop and such do you think there are? I found an estimate
from
> a few years back (and of course it is largely a guess) that estimated
piracy
> costs the software industry $2.6 billion annually. That's a lot of
> software.
>
> > Every ofuscator and encryption company claim to be the best.. Yet after
> > more than a week of reading and discussing I don't feel real good about
> any
> > of these solutions, and since code is so easy to decompile no solution
> seems
> > to offer much protection. Seems like a giant step backward.
>
> This isn't the first time. Java suffers the same problem (see: Mocha) as
> did VB3 and FoxPro and Clipper and other languages that produce
intermediate
> code. The step is "backwards" if decompiling is your primary goal. There
> are alternative goals and non-native code compilers fill that niche.
>
> > Am I missing something here? Is there a good solution? Will there be?
Or
> > should I just invest my time in learning something else that is more
> secure?
> > I'm really wanting some answers.
>
> There is no good solution for all sorts of things. You can be run over by
a
> car or your car can be hit by an uninsured driver. You can lose your
house
> in a flood or a tornado. You can get mad cow disease or the asian flu.
> Somebody can take the CD you distribute your software on and clone 1000
> copies of it.
>
> I'm not just making fun, seriously what measures would you suggest be
taken
> to insure you don't lose revenue and nobody else uses your .DLL? If you
> have a solution (and particularly if it can be applied to software, music
> CDs and movie DVDs) you are on your way to success. Everybody wants such
a
> solution, you aren't the first to ask for it and I'll wager the companies
> losing millions are as concerned as you.
>
> Should you invest your time learning something more secure? Sure, what
> would that be? Are the losses incurred by MS, Symantec, et.al. due to
their
> choice of language? Is it the O/S which you are going to change? Perhaps
> get into manufacturing goods, they're never stolen... banks are never
> robbed... Earth can be a dangerous place, people do stupid things for
> short-term gain... there is no technological solution to the clever,
> desperate, determined criminal. That's why they have jails :-)
>
> Tom
>
>
>
>

Loading