Re: CAN STRONG NAMES BE CRACKED?

From: Tom Leylan (gee_at_iamtiredofspam.com)
Date: 03/04/04


Date: Thu, 4 Mar 2004 01:17:19 -0500

Hi again,

"SStory" <TheStorys@TAKEOUTTHISSPAMBUSTERsofthome.net> wrote...

> I know there is no foolproof system you can get keys for winzip and
> anything else for serial 2000 but come on. ILDASM the exe or dll
> and read anything in it even if you aren't even a good cracker?

But either way one loses the income. The loss of .Net-based software has
been established. Of course it is a concern, the industry has pointed this
out and I mentioned it in my response. Is the .Net issue larger than all
previous issues?

> Plus although what you say is true, there surely are better answers
> than--let's do nothing and let our code go everywhere. Try breaking winzip
> protection... not that simple unless you are really good.
>
> if it were in .net a child of 10 could do it. That is my point.

I'm not certain that is the case but if I give you a .Net program run the
obfuscator (I assume you are over 10) can you return the source code to me?
I pointed out Java specifically and even gave you the name of a decompiler.
Are you familiar with the issues in Java and/or that product? I'm simply
saying you aren't the first person to notice the problem...

I don't need to break WinZip protection I bought it. Why would I try to
break your .DLL if I needed it I would buy it. If somebody won't license
WinZip surely they are stealing all sorts of software that cost far more.

> Thanks for the conversation. I am not mad at anyone. This is just really
> frustrating and there seems to be very little literature on any of it.. I
> know I can't be the only person thinking these things.

It has been frustrating for some 20+ years now. I wrote my first commercial
programs using an interpreter... if you wanted to see the source code you
could list it with the CP/M TYPE command. If you wanted a copy of your own
you had to use PIP however. :-)

> Guess you don't have any answers or you would have given them.... I sure
> don't or I wouldn't be asking so much. Just trying to put together a
> working deployment solution that isn't so easily cracked by just anyone. If
> MS loses 2.6 million big deal--out of billions it is nothing.
> But if a peon like me lose $26000 on something I am selling or even $2600
> that is a big deal to me.

What answers? The "this will keep your code safe" just do this solution?
Obfuscation is the best solution that I am aware of you don't appear to want
to settle for that. MS isn't losing $2.6 million. I mentioned the industry
estimated 2.6 "billion" with a B. Put 2 plus 2 together and you should be
able to see that if they could do something to combat the loss they would.

What have you lost so far with your product? Nothing right? Are you
estimating a smaller loss if you write it in C++ or if you write it for
Linux?

> If you just work for someone else. I guess, who cares is the philosophy of
> many..... not my problem.. not my money. But if you want to sell something
> then it becomes a problem.

Shane you're young if I'm not mistaken. Not that it has much to do with
anything but I didn't write that the philosophy of "who cares" should
prevail. People in the industry aren't stupid, developers aren't dumb,
companies that spend money to develop obfuscators aren't rip-offs. We get
the point that you believe a) something needs to be done and b) it should be
cheap.

I'm suggesting that with age comes the realization that "don't hold your
breath" is probably good advice.

> Hope you understand my point of view and don't take any of this in an evil
> tone. I don't wish to sound offensive in any way. Just expressing my
> opinion.

I will guess that we all understand your point of view. When you solve the
problem of software piracy, decompilation and reverse-engineering what do
you intend to charge for your product? I hope it will solve the problem and
be reasonably priced... any idea when it will be ready?

Before you begin you might want to look at some of the research... I've done
some for you. Recall the DES 56-bit encryption standard still used today
and at one point considered uncrackable. It was eventually cracked in less
than 3 days (now done in less than a day.) It is estimated that a machine
can be built to crack it in about 3 1/2 hours. The US government imposes a
limit on the key length (40-bits) on exported crypto products and it is
estimated that that can be cracked using the same technology in about 12
seconds.

> My 2 cents worth,
> Shane

Take care,
Tom


