
由网友(灰太狼有蓝颜叫光头强)分享简介:已经有关于IP安全性之类的,但没有,我可以找到专门针对算法几及时上岗。在我目前的项目之一,我们决定去一个离线注册密钥系统的路径。There have been a few timely posts about IP security and the like, but none that I can find tha...


There have been a few timely posts about IP security and the like, but none that I can find that specifically address an algorithm. In one of my current projects, we've decided to go the route of an offline registration key system.


I imagine most of our eventual user base will be honest, so I don't think we have too much to worry about. On the other hand, I'd rather not have the casual cracker gain access without a good deal of sweat and tears.


So, what are some options for how to generate (and verify) the key? Hardware keying is most likely out because the install model is to run from a samba share on an intranet server. Also, how long should the key be?


Secondly, how big is the danger of the verification algorithm simply being Reflected out, even if it is obfuscated? Would it be better to write the algorithm in unmanaged code instead?



In my opinion, the key problem you'll face is not with your registration algorithm and level (or lack) of obfuscation.

相反,那就是:在你的$ C $一些c点可以归结为简单的二元决策 - 运行,或者退出。黑客您的系统只需要找到和调整这个决策点。

Rather, it's this: At some point in your code it comes down to simple binary decision - to run, or to exit. Hacking your system only requires finding and tweaking this decision point.

其他的一切 - 混淆,强签约,篡改检测 - 是面向使这更困难,但不能让它的是的更难

Everything else - obfuscation, strong signing, tamper detection - is oriented to make this more difficult, but it can't make it that much harder.


