PGP source code

Nexus nexus at patrol.i-way.co.uk
Tue, 4 Sep 2001 14:16:33 +0100


----- Original Message -----
From: "Richard Clayton" <richard@demon.net>
To: <UKcrypto@chiark.greenend.org.uk>
Sent: Tuesday, September 04, 2001 1:34 PM
Subject: Re: PGP source code
[snip]
> There are many companies that would like to ship software that only ran
> on your machine and no other. Reading MAC addresses from Ethernet cards
> is as nothing to encrypting the binary for your particular CPU [or four]
[snip]

The MAC address can be trivial to change dependent on your OS.   One high
availability firewall product springs to mind as it _requires_ that you can
duplicate MAC addresses across hosts for it to work.   CPU IDs or even any
form of hardware-based ID are subject to the same problems.   Whatever
hardware device you use, the software will have to use an OS-based API or
some form of hardware abstraction layer to query the device for whatever ID
you are after - you just have to insert your own shim into the OS and return
the values you want returned.   The software is at the mercy of the OS and
if you control the OS, software loses every time IMHO.   How many licence or
unlock code routines use tortuous decryption or obfuscation routines only to
end in a single conditional jump?
How many hardware "dongles" suffer from the same oversight?   Have these
people never heard of a Logic Analyser or a CRO?
Is that the patter of little DMCA jackboots outside my door.... ;-)

Cheers,
            JJ