webber@utcs.UUCP (R. D. Webber) (08/02/85)
In article <225@sesame.UUCP> slerner@sesame.UUCP (Simcha-Yitzchak Lerner) writes: >... manufacturers will differentiate themselves in the market by >either offering rapid (24hr) turnaround for replacement keys to registered >users, or they may even supply you with a backup key at purchase. >-- >Opinions expressed are public domain, and do not belong to Lotus >Development Corp. >---------------------------------------------------------------- > >Simcha-Yitzchak Lerner > The problem with this idea, from the manufacturer's point of view, is that supplying users with replacement keys will leave unscrupulous registered users in a safer position if they wish to experiment with the dongles to find out what's inside. There is a basic problem with dongles as a security device, and indeed with any protection scheme I've ever heard of: it's always possible to examine the contents of RAM at run time. It may be difficult, e.g. a second CPU may be required to run in parallel, or to take over at some point in execution, but it always CAN BE DONE in principle. This means that the protection-related code may be excised and replaced with a non-protective patch. Obviously, such methods will not appeal to average, honest users, but they aren't real problems for protection breaking _ab initio_ anyway: they buy protection breaking software (or hardware) from others more skilled, who can often make a good living at selling it. So far I've not heard of a good scheme for defeating _them_. Bob Webber