• Developer Zone
• Lists Home
• FAQ

On Tue, May 27, 2003 at 03:43:14PM -0500, mos wrote:
> Correct, which is why I have a means of compressing and *encrypting* the 
> .exe file. I can also lock it to the person's machine (or server) so it 
> won't fall into the wrong hands.

All such methods have been broken.

If they weren't, the major software companies would all be using them to
prevent cracking ... remember that the EXE has to decrypt itself.

Usually it contains an obfuscated series of jumps that decrypt its image
in memory while at the same time changing word offsets within the image
so the decompile looks wrong from within a debugger.

A couple anti-tracing measures and it makes it pretty hard to reverse-
engineer, but people still do it.

> Other databases that use encryption will decrypt the information when a row 
> is accessed, so there is no unencrypted data lying on the hard drive. It is 
> extremely fast and I don't notice a speed difference between encrypted and 

If I were going to trust anything to be secure, it would involve data that was
encrypted to the public keys of the users who deserve access *before* being
sent to the database for storage.  This of course prevents the use of indexing.

Anything else has the problems others have mentionned.
-- 
Michael T. Babcock
CTO, FibreSpeed Ltd.     (Hosting, Security, Consultation, Database, etc)
http://www.fibrespeed.net/~mbabcock/

Attachment: [application/pgp-signature]