On Tue, May 27, 2003 at 03:43:14PM -0500, mos wrote: > Correct, which is why I have a means of compressing and *encrypting* the > .exe file. I can also lock it to the person's machine (or server) so it > won't fall into the wrong hands.
All such methods have been broken. If they weren't, the major software companies would all be using them to prevent cracking ... remember that the EXE has to decrypt itself. Usually it contains an obfuscated series of jumps that decrypt its image in memory while at the same time changing word offsets within the image so the decompile looks wrong from within a debugger. A couple anti-tracing measures and it makes it pretty hard to reverse- engineer, but people still do it. > Other databases that use encryption will decrypt the information when a row > is accessed, so there is no unencrypted data lying on the hard drive. It is > extremely fast and I don't notice a speed difference between encrypted and If I were going to trust anything to be secure, it would involve data that was encrypted to the public keys of the users who deserve access *before* being sent to the database for storage. This of course prevents the use of indexing. Anything else has the problems others have mentionned. -- Michael T. Babcock CTO, FibreSpeed Ltd. (Hosting, Security, Consultation, Database, etc) http://www.fibrespeed.net/~mbabcock/
pgp00000.pgp
Description: PGP signature
