Re: CAN STRONG NAMES BE CRACKED?
From: SStory (TheStorys_at_TAKEOUTTHISSPAMBUSTERsofthome.net)
Date: 03/05/04
- Next message: Sylvain Audet: "Re: Registering font at runtime under Windows XP"
- Previous message: CJ Taylor: "Re: I need help with a login form too"
- In reply to: Richard: "Re: CAN STRONG NAMES BE CRACKED?"
- Messages sorted by: [ date ] [ thread ]
Date: Fri, 5 Mar 2004 15:53:42 -0600
Richard,
Points taken.
No, I have just generated a lot of discussion to bounce my thoughts off
everyone to get to the truth.
But tell me this.. If I strongname and exe and if I had a dll and
strongnamed it (both same key).
Wouldn't that mean that no one could change it and have it execute
afterwards because .NET would balk on executing it because the strongname
wouldn't match? If that is the case then the problem is mostly solved.
Yes...ofuscating is definitely a must.
Then distribution and the issues caused by ofuscation---stack trace
gibberish, updates, etc.
Are unfortunately all issues that I have had to try and become well learned
in although I have never before had to deal with any of this. Has been
frustrating and I am sure I am not alone.
ASP.NET is great. ADO.NET--sometimes great--sometimes aggravating(coming
from ADO).
There are lots of pluses to .NET don't get me wrong.
Unfortunately, it probably takes each of us who try to distribute a cheap
simple app for $, quite a while to weed through hype and promises of various
sources and decide which is the best overall way to go for all of these
issues.
Thanks for your thougths Richard,
Shane
"Richard" <google@intermension.com> wrote in message
news:ee94cb69.0403051331.2137b1a1@posting.google.com...
> My point of view is that strong naming and associated securitys do a
> very good job of preventing someone else from passing their work of as
> yours. If you look at much of the documentation and online banter, the
> main angle seems to be in the giving the user/admin piece of mind that
> the code they are running does in fact come from the author it
> proports to... this is very important with all these virus hacks
> running around.
>
> This is a very key area of trusted computing. Security is a huge topic
> and I believe the tools that Microsoft and the .NET framework offer us
> to solve the problems they were designed, work for very well. I dont
> know about you but my life has become a whole lot easier since ASP.net
> and the security features it can now embody have been made available.
>
> I think your asking the wrong question in your subject re:cracking
> strong names. Strong names were not designed to prevent reverse
> engineering of products and the protection of your intellectual
> property, which is essentially what you are talking about. Its a
> different animal. My take is that strong names are an important piece
> of the puzzle for the user, not the developer, to ensure they can
> safely run code locally, in a distributed computing environment.
>
> Other posters have already talked about the your problem as a whole
> re:the music industries, hollywood etc, so im not going to repeat
> their comments. I think you've asked the wrong question. You also have
> to look at what Microsoft are trying to do with the .NET framework,
> and accept the trade offs that are inherent within that objective and
> that come with having an interpreting
> virtual machine that is the CLR.
>
> Personally im happy with the trade off. Obfuscate your code, make a
> few encrpyted registry entires or use a validating web service, if you
> feel you need too and keep your eyes and ears open for new
> intellectual property security techniques. Thats the best i can offer.
>
> You also need to look at the trade off between your product price
> point and the amount of time and effort it takes to crack your code.
> If your facing this problem alone chances are your software is not
> going to priced in the hundreds or thousands of dollars, unless your a
> programming dynamo, in which case you wouldn't need my help. If your
> talking about a $30, $40, $50 product then you have a much higher
> trade off for the user, tracking down a crack for your program, if one
> is even available, knowing how to apply it, avoiding malicious code
> and trogan horses/diallers etc, rather than just forking over the $50
> bucks or whatever to a trusted source.
>
> You can point to Winzip,etc but if you've got an app with that kind of
> market share then congratulations are in order... it s a cracking
> problem i'd love to have.
>
> You also seem to be assuming that every user is a cracker/user of
> cracks when the vast majority of users are only just capable of doing
> a basic install and checking their email. Security is definitely a hot
> topic that needs to be thought about from the beginning but it almost
> sounds as if your saying why bother if the current environment is not
> air tight. My suggestion is to create a competitive, useful and
> succesful product and lament the fact that your getting ripped off.
>
> I dont yet know of any technique that is 100%, but thats an industry
> problem, not Microsofts' alone.
>
> Hth
> Richard
- Next message: Sylvain Audet: "Re: Registering font at runtime under Windows XP"
- Previous message: CJ Taylor: "Re: I need help with a login form too"
- In reply to: Richard: "Re: CAN STRONG NAMES BE CRACKED?"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
