 |
|
| Science Forum Index » Cryptography Forum » One-way license number... |
|
Page 3 of 3 Goto page Previous 1, 2, 3 |
|
| Author |
Message |
| Carsten Krueger... |
 Posted: Mon Oct 19, 2009 6:10 am |
|
|
|
Guest
|
Am Fri, 16 Oct 2009 23:34:14 GMT schrieb Robert Scott:
[quote]I'm not worried about a few pirates using my software on their cracked phones.
[/quote]
You should check if a few pirates isn't a great number.
For iPhone it's at least every second user.
[quote]I am worried about a few pirates making it possible for many others with
non-cracked phones to use my software for free.
[/quote]
Digital signature scheme with sufficient long key.
greetings
Carsten
--
ID = 0x2BFBF5D8 FP = 53CA 1609 B00A D2DB A066 314C 6493 69AB 2BFB F5D8
http://www.realname-diskussion.info - Realnames sind keine Pflicht
http://www.spamgourmet.com/ + http://www.temporaryinbox.com/ - Antispam
cakruege (at) gmail (dot) com | http://www.geocities.com/mungfaq/ |
|
|
| Back to top |
|
|
|
| Robert Scott... |
| Posted: Mon Oct 19, 2009 12:29 pm |
|
|
|
Guest
|
OK, I guess it is time to explain the algorithm I first posted. First, let me
thank any and all of you who spent any time looking at the code.
The algorithm is basically matrix multiiplication over GF(2^6). The za[] array
is the addition table and the zb[] array is the multiplication table. The ze[]
array started out as a random non-singular 11x11 matrix. Since ze[] is
non-singular, it has an inverse, and that is the secret part of the algorithm.
Of course, now that you know, you too can compute the inverse.
Now for the obfuscations. The za[] array entries, instead of (x + y) are
actually:
Pa[ Pai[x] + Pbi[y] ]
where Pa and Pb are random permutations on 64 elements, and Pai and Pbi are
their inverses. And the zb[] entries, instead of (x * y) are actually:
Pb[ x * Pci[y] ]
where Pc and its inverse, Pci, are another random permutation. Finally, the
ze[] matrix was modified by applying Pc to every entry. So permutations in the
dot products cancel each other, and the result is a permuted form of the true
matrix multiplication. But the "+" and "*" tables are no longer symmetric,
otherwise they might have been given away immediately.
But you may notice that ze[] is missing the last two rows. That is because I
wanted to avoid using "0" (the additive identity) and "1" (the multiplicative
identity) in either table. No matter how the entries are permuted, the fact
that one row and one column of zb[] is composed of 64 identical elements could
not escape attention. So I replaced the "0" and "1" column and row in the
tables with random permutations. This, of course, would break the essense of
matrix multiplication if any of those entries were ever actually used in the
computation. So I started out with the 9-element vector (name) and did a brute
force search over the 4096 ways in which it could be augmented to an 11-element
vector, keeping the first hit I found where "0" and "1" was not involved in the
calculation. It turns out the probability is so high that the search usually
ended after less than 20 trials. And of course ze[] had to be chosen initially
to contain no "0"s or "1"s, or the search would never succeed. So now that only
9 elements of the result of the matrix multiplcation matter, I simply removed
the bottom two rows of ze[].
Of course this method is useless in general because it relies on security
through obscurity, rather than on an easily-changed key.
And the obscurity is no longer obscure. But I hope you were entertained, if you
did spend any time on it.
Bob Scott, Michigan |
|
|
| Back to top |
|
|
|
| Carsten Krueger... |
| Posted: Sun Oct 25, 2009 12:56 pm |
|
|
|
Guest
|
Am Sat, 17 Oct 2009 13:02:57 GMT schrieb Robert Scott:
[quote]But I wonder how Microsoft does Windows activation over the phone. They have a
reasonably short license number, which is custom for each customer. They must
not be using any public key technology either.
[/quote]
It's public key technolgoy. Otherwise there would be an offline activator
for years.
greetings
Carsten
--
ID = 0x2BFBF5D8 FP = 53CA 1609 B00A D2DB A066 314C 6493 69AB 2BFB F5D8
http://www.realname-diskussion.info - Realnames sind keine Pflicht
http://www.spamgourmet.com/ + http://www.temporaryinbox.com/ - Antispam
cakruege (at) gmail (dot) com | http://www.geocities.com/mungfaq/ |
|
|
| Back to top |
|
|
|
| Giuliano Bertoletti... |
| Posted: Thu Oct 29, 2009 12:39 pm |
|
|
|
Guest
|
Robert Scott ha scritto:
[quote]This is sort of a digital signature problem. However I needed a signature (license number) that was
suitable for manual transcription - i.e. less than 30 characters. I think this leaves out RSA. The target
is a smartphone application license activation. I have a smartphone application that is a free
download, but needs activation to convert it from limited features to full-featured.
[...]
[/quote]
In my experience, the best approach for short license codes is to use
Hidden Field Equations or variants of that. The trapdoor function relies
on the hardness of solving systems of multivariate equations.
I've posted a challange more than one year and an half ago on a crackme
site and still nobody was able to create a keygenerator.
http://www.crackmes.de/users/gbe32241/sddecoder/
While this doesn't mean the algorithm is strong, I believe it's harder
than most homebrew schemes. In theory it should give a complexity of
2^84 with a 25 charcarters code.
There's also a description of how I did it, that I posted on this group:
try googlin' around with "Algorithm license codes".
For example I found my post stored there:
http://www.derkeiler.com/pdf/Newsgroups/sci.crypt/2008-12/msg00326.pdf
Cheers,
Giulio. |
|
|
| Back to top |
|
|
|
| Robert Scott... |
| Posted: Thu Oct 29, 2009 5:45 pm |
|
|
|
Guest
|
On Thu, 29 Oct 2009 19:39:48 +0100, Giuliano Bertoletti <gbe32241 at (no spam) libero.it>
wrote:
[quote]In my experience, the best approach for short license codes is to use
Hidden Field Equations or variants of that. The trapdoor function relies
on the hardness of solving systems of multivariate equations.
[/quote]
Did you read my explanation of the system I designed, which I posted on
10/19/2009? |
|
|
| Back to top |
|
|
|
| CatId... |
| Posted: Fri Oct 30, 2009 7:38 am |
|
|
|
Guest
|
Giuliano,
Thank you very much for mentioning your earlier post. This is
impressive and useful at the same time.
http://catid.org
--
--------------------------------- --- -- -
Posted with NewsLeecher v3.95 Beta 3
Web at (no spam) http://www.newsleecher.com/?usenet
------------------- ----- ---- -- - |
|
|
| Back to top |
|
|
|
| Giuliano Bertoletti... |
| Posted: Fri Oct 30, 2009 2:46 pm |
|
|
|
Guest
|
Robert Scott ha scritto:
[quote]On Thu, 29 Oct 2009 19:39:48 +0100, Giuliano Bertoletti <gbe32241 at (no spam) libero.it
wrote:
In my experience, the best approach for short license codes is to use
Hidden Field Equations or variants of that. The trapdoor function relies
on the hardness of solving systems of multivariate equations.
Did you read my explanation of the system I designed, which I posted on
10/19/2009?
[/quote]
Yes, there seems not to be any trapdoor function which would make hard
to reverse the steps of the decoder.
The only way to make your scheme secure against reverse engineering is
to base it on asymmetric crypto which allows you not to embed encoding
details (private key) into the decoder (which is public).
Cheers,
Giulio. |
|
|
| Back to top |
|
|
|
| Robert Scott... |
| Posted: Mon Nov 02, 2009 6:42 am |
|
|
|
Guest
|
On Fri, 30 Oct 2009 21:46:33 +0100, Giuliano Bertoletti <gbe32241 at (no spam) libero.it>
wrote:
[quote]Robert Scott ha scritto:
On Thu, 29 Oct 2009 19:39:48 +0100, Giuliano Bertoletti <gbe32241 at (no spam) libero.it
wrote:
In my experience, the best approach for short license codes is to use
Hidden Field Equations or variants of that. The trapdoor function relies
on the hardness of solving systems of multivariate equations.
Did you read my explanation of the system I designed, which I posted on
10/19/2009?
Yes, there seems not to be any trapdoor function which would make hard
to reverse the steps of the decoder.
[/quote]
Yes, now that I've told you it is matrix multiplication over GF(2^6). But would
you have been able to deduce that from the encoding function's code? |
|
|
| Back to top |
|
|
|
| David Eather... |
| Posted: Mon Nov 02, 2009 8:04 am |
|
|
|
Guest
|
Robert Scott wrote:
[quote]On Fri, 30 Oct 2009 21:46:33 +0100, Giuliano Bertoletti <gbe32241 at (no spam) libero.it
wrote:
Robert Scott ha scritto:
On Thu, 29 Oct 2009 19:39:48 +0100, Giuliano Bertoletti <gbe32241 at (no spam) libero.it
wrote:
In my experience, the best approach for short license codes is to use
Hidden Field Equations or variants of that. The trapdoor function relies
on the hardness of solving systems of multivariate equations.
Did you read my explanation of the system I designed, which I posted on
10/19/2009?
Yes, there seems not to be any trapdoor function which would make hard
to reverse the steps of the decoder.
Yes, now that I've told you it is matrix multiplication over GF(2^6). But would
you have been able to deduce that from the encoding function's code?
[/quote]
So your function is wonderful because one person, working without
resources, in there very little spare time, might have had some
difficulty reversing your code, and you think this makes it what, secure?
What do you think will happen if someone or some group think it is worth
spending a little time on? If your counting on the non-invertiblity of
matrix functions you should read "In Code" by S Flannery - who broke a
whole system based on that idea. Her work is all the more interesting
because she was still in school at the time. |
|
|
| Back to top |
|
|
|
| Robert Scott... |
| Posted: Mon Nov 02, 2009 1:22 pm |
|
|
|
Guest
|
On Mon, 02 Nov 2009 23:04:06 +1000, David Eather <eather at (no spam) tpg.com.au> wrote:
[quote]So your function is wonderful because one person, working without
resources, in there very little spare time, might have had some
difficulty reversing your code, and you think this makes it what, secure?
[/quote]
Of course not. If you read what I said about it earlier, I knew full well this
was not secure in the sense that RSA is secure. But I did do 90% of the work
for you by presenting the code in C rather than in ARM assembly, which the
typical pirate would be confronted with, and the code was posted for enough days
to generate over 20 responses, and no one even suggested that it might be matrix
multiplication. And without that realization, no one could have inverted that
code. |
|
|
| Back to top |
|
|
|
| Giuliano Bertoletti... |
| Posted: Mon Nov 02, 2009 4:21 pm |
|
|
|
Guest
|
Hello,
Probably not me and not for free anyway.
But there're crazy people out there that can reverse anything, but they
need motivations.
Also, people in this group are generally reluctant to play hide and seek.
Cheers,
Giulio.
Robert Scott ha scritto:
[quote]
Yes, now that I've told you it is matrix multiplication over GF(2^6).
But would
you have been able to deduce that from the encoding function's code?
[/quote] |
|
|
| Back to top |
|
|
|
|
|
All times are GMT - 5 Hours
The time now is Sun Nov 29, 2009 1:09 am
|
|