Key Algorithm Immune to Keygen?
if I use rsa encrypt key to encrypt a static string + random data, and then, in my program, decrypt it with the correspond rsa decrypt key and check to see if static string is present, would that be immune to "pure" keygens (ones which do not modify execut开发者_JAVA百科able code)?
why do companies wanting to protect software do not do this?
sorry for bad english
Product keys usually are to be entered by the end user, and thus need to primarily fit that requirement. Do you want to enter a 100 char string? I certainly don't want to.
If the user has to enter it, and the code that reads it is accessible for reading by a malicious user (i.e. is client-side not server-side), its only a matter of skill/time/patience for the malicious user to figure out which keys are accepted by your program.
Think of it this way. The computer is a dumb monkey with a club. You give the monkey a password. The monkey hears your password, does a very long sequence of dumb operations on a piece of paper using the password and when he is finished he arrives at either a 0 (clubs you) or a 1 (lets you through.)
Since he writes this on a piece of paper, all you have to do is look at the piece of paper and make sense of the gibberish he writes and figure out what you have to do to get the monkey not to club you. It might be a long and painful process but eventually you will be able to do it.
On the flip side, lets say that the monkey works out the series of operations in his mind. Now there is no paper for you to look at, and so you're hopeless at guessing what he is doing.
精彩评论