[EMAIL PROTECTED] wrote on 2003-08-19: > The program can probably be attacked in several ways, one way I can > think of right now is to replace the public key in the program so it > matches the attacker's invented private key. Another is that the code > which checks the license will be skipped altogether. > The complexity of replacing the public key is about as low as of replacing any non-signed hidden data (like simply the timestamp). I don't see what can you gain from the cryptography here. It would make more sense if you can arrange more centralized storage of the public key, e.g. the program will pick it from the net and will use the same host for some other operations needed for it to function (so that simply replacing the host won't help).
-- Beni Cherniavsky <[EMAIL PROTECTED]> ================================================================= To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
