Internal security of Rev?
Dar Scott
dsc at swcp.com
Wed Jul 12 00:27:40 EDT 2006
On Jul 11, 2006, at 8:56 PM, John Tregea wrote:
> Like putting a big padlock on the door with a note stuck to it
> saying "the key is under the mat".
Yes.
You need to write the note in pig-latin.
(almost) The best you can do is obfuscation. Don't put your key in
one place. Don't leave your key in your code in a form that looks
like a key from an editor. Don't use a script that can be seen by a
text editor. Even machine language is just obfuscation. Everybody
has this same problem to some degree.
However, there are a few things you can do.
1
If you assume a paying customer is less likely to try to break your
encryption, then put part or all of the decryption key in the
software enabling key (serial number or whatever you call it).
2
Don't put all your eggs in one basket. Don't use the same encryption
key for all modules or all products. This is even better when
combined with #1.
3
Don't keep decrypted pieces in files. Not very long, if you have to.
And most of all...
4
Keep motivation by sneaks low: Keep your price low. Come out with
something better, soon. Provide good support. Fix bugs. Make sure
the software is flexible. Be ready to license and supply OEM
components. Your happy customers will never notice that there is an
encryption challenge; be ahead of them on what you give them.
Dar Scott
More information about the use-livecode
mailing list