RE: [DUG]: Software Expiry Codes - OnGuard

[Patrick Dunford]

If you are encrypting keys then it seems to me that you are also including in some form, the code that will encrypt and decrypt them in your application.At what point can a hacker discover the code in your application that enables them to decrypt your keys?   -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of David Brennan Sent: Wednesday, 21 February 2001 09:26 To: Multiple recipients of list delphi Subject: [DUG]: Software Expiry Codes - OnGuard Hi,   I am about to implement security codes which verify the user/site is allowed to run my software. I am envisaging that each site will be given a code and each code will be built using the site/company name and an expiry date. Thus the code won't work if the site name is different, nor will it work after the expiry date (naturally it also won't work for a different product).   OnGuard from TurboPower provides exactly these features. As far as I can see it works as follows:     You embed a unique and private product key in the application.     The user enters the code they obtained for their product.     The application checks the code by building a new code from the product key, site name, expiry date and checks it against the code the user entered. If they match then everything is OK.   My problem with this is that the product keys need to be embedded in the application. With these keys and their own copy of OnGuard a user/hacker could build their own valid codes for any site name or expiry date. I don't know how hard it would be for a hacker to extract the keys from an application (the recommended approach for embedding them would appear to be constants of type TKey which is a 16 byte binary value) but I suspect it wouldn't be too hard.   Has anyone considered this issue before? Is there a way of encrypting the keys in the executable so that they are harder to obtain or does Delphi make it hard enough as it is? Or is there a better tool than OnGuard out there?   Thanks for your help.   David Brennan. DB Solutions Ltd.