Protecting Code

Mark Brownell gizmotron at earthlink.net
Sat Apr 24 12:44:34 EDT 2004


On Saturday, April 24, 2004, at 09:06 AM, kee nethery wrote:

> We are going to have a Kagi Registration Module for RunRev and that 
> module will basically be a mini-store that someone would embed into 
> their RunRev application. When the customer decides to buy, the app 
> would call the KRM, it would gather customer purchase data (including 
> credit card info), bundle it up, send it securely to Kagi, Kagi 
> processes it, generates a registration code, and sends that code back 
> to the app, the app installs the code and the entire purchase cycle is 
> complete.

When we talked on the phone I wanted this but never thought to ask 
because it was just a dream of mine that I was wishing for. This is so 
cool. What I need is a little different. I need to send asymmetrical 
key exchange data that is originally generated from my app at 
registration time. So the Kagi side could only work for me if it could 
answer the encrypted question properly. Part of this asymmetrical 
key exchange query is originated with my own rev_blowfishCBC algorithm.

   My app already goes straight to my Kagi sales site for registration. 
This would be so much better to leave out the browser. I guess 
suppliers could still be notified of a sale with this new system?

> Want to make sure that it is less than trivial for a malicious coder 
> to take the KRM, and hook extra code into it that would send the 
> credit card data to some other server that should not be receiving 
> credit card data, embed the modified KRM into software that they are 
> selling, and then use KRM to steal credit cards.

What you need is my 440-bit Blowfish encryption to really make it hard 
to send malicious code. I would be glad to help with this if you are 
interested; that includes getting it legal to export too.

> I realize that in the end, everything is modifiable if you really know 
> your stuff and that less than trivial does not mean impossible. The 
> goal is to make it difficult to make these kinds of mods. Ultimately 
> the protection against this happening is that we will see the pattern 
> and we will be able to call in police to arrest the software author 
> who might do such a thing. I'd just like to make it difficult for 
> someone to consider this avenue of crime. It would be a rather stupid 
> crime given that only one person could commit it (the software author) 
> and the proof would be easy to establish (their software, their 
> server).
>
> The reason for regular runrev code versus an XCMD is that we would 
> like to "write once run everywhere" by making this as standard as 
> possible.
>
> Thanks, Kee Nethery

That's great news, Kee.

Thanks,

Mark Brownell


