Hi,
 
I am about to implement security codes which verify the user/site is allowed to run my software. I am envisaging that each site will be given a code and each code will be built using the site/company name and an expiry date. Thus the code won't work if the site name is different, nor will it work after the expiry date (naturally it also won't work for a different product).
 
OnGuard from TurboPower provides exactly these features. As far as I can see it works as follows:
    You embed a unique and private product key in the application.
    The user enters the code they obtained for their product.
    The application checks the code by building a new code from the product key, site name and expiry date and checking it against the code the user entered. If they match then everything is OK.
 
My problem with this is that the product keys need to be embedded in the application. With these keys and their own copy of OnGuard a user/hacker could build their own valid codes for any site name or expiry date. I don't know how hard it would be for a hacker to extract the keys from an application (the recommended approach for embedding them would appear to be constants of type TKey, which is a 16-byte binary value) but I suspect it wouldn't be too hard.
 
Has anyone considered this issue before? Is there a way of encrypting the keys in the executable so that they are harder to obtain, or does Delphi make it hard enough as it is? Or is there a better tool than OnGuard out there?
 
Thanks for your help.
 
David Brennan.
DB Solutions Ltd.
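
The check described in the post, sketched as an added example (not part of the original message and not OnGuard's actual algorithm): HMAC-SHA256 stands in for the code-building step, the key is a constructed value, and it is assumed the user enters the site name and expiry date alongside the code. It shows why the embedded key is the whole secret: the routine that checks a code is the same one that builds it.

```python
import hashlib
import hmac
from datetime import date

# Constructed 16-byte value standing in for the embedded product key.
PRODUCT_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")


def build_code(product_key: bytes, site_name: str, expiry: date) -> str:
    """Derive a code from the product key, site name and expiry date."""
    # Normalise the site name so case and stray spaces do not change the code.
    site = site_name.strip().lower().encode("utf-8")
    msg = site + b"\x00" + expiry.isoformat().encode("ascii")
    tag = hmac.new(product_key, msg, hashlib.sha256).digest()
    return tag[:8].hex().upper()  # truncated to 16 typeable hex characters


def check_code(entered: str, site_name: str, expiry: date, today: date) -> bool:
    """Application-side check: rebuild the code and compare with the entry."""
    if today > expiry:
        return False  # a correct code is still rejected after the expiry date
    expected = build_code(PRODUCT_KEY, site_name, expiry).encode("ascii")
    supplied = entered.strip().upper().encode("utf-8")
    return hmac.compare_digest(expected, supplied)  # constant-time compare


def same_key_issues_codes(key: bytes) -> bool:
    """The concern in the post: holding the key bytes is enough to build a
    code for any site name or expiry date that check_code() accepts."""
    other = build_code(key, "Other Site", date(2031, 1, 1))
    return check_code(other, "Other Site", date(2031, 1, 1), date(2030, 1, 1))


if __name__ == "__main__":
    code = build_code(PRODUCT_KEY, "Acme Ltd", date(2030, 1, 31))
    print("issued code:", code)
    print("valid site/date:", check_code(code, "Acme Ltd", date(2030, 1, 31), date(2029, 6, 1)))
    print("other site name:", check_code(code, "Acme Inc", date(2030, 1, 31), date(2029, 6, 1)))
    print("after expiry:", check_code(code, "Acme Ltd", date(2030, 1, 31), date(2030, 2, 1)))
    print("key alone suffices:", same_key_issues_codes(PRODUCT_KEY))
```

Hiding or encrypting the constant changes how long the key takes to find, not this property, because the application must hold the key in usable form at the moment it runs the check.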
