I have to license a java application and want to code a quick implementation, the scheme I came up with is: • The Application calculates a string X which we assume to be the md5 sum of the computer's mac address, the current date and some other information. • the application returns a string Y equal to the last 16 digits of X to the user • the user contacts the Software Support office giving Y and the office encrypts Y using AES with a secret key and returns a string Z equal to the last 16 digits of the encrypted Y • the user inputs Z in the application and this checks that Z is equal to its own Z which is calculated the same way as at the Software Support. If the two are the same the software unlocks. Now I would like to know whether two assumptions are reasonably safe or not: • Assume a cracker knows how Y is calculated and can calculate it for its own copy of the software and uses this Y to request a Z to the support center and unlock his copy of the software. Is it possible he will be able to calculate for every possible Y he wants a matching Z to unlock any copy of my software? • Because my software contains the encryption key inside the application bytecode a cracker with enough knowledge can decompile the encryption key and create his own Z to unlock the program (assume I tried my best obfuscating the code). Dolphin Browser For Pc. Jhankar Beats S. A solution would be to use public key cryptography, however this would be useless in my opinion because if a cracker is able to decode the compiled bytecode of the application he will totally bypass whatever encryption scheme I will put because in the end there will always be a part of the code checking for a condition and setting that condition always to true will bypass any encryption scheme I will come up with.
These algorithms are described in the KeyGenerator section of the Java Cryptography Architecture. If this key generator requires. Use is subject to license. Download Java License Generator for free. Jicense is a license generator for the products or projects developed using Java language. You could customize.
To begin with, let's assume that the attacker cannot extract the AES key from your software. Wibu Box Crack 2017. That means the best they can do is a chosen-plaintext attack on AES: choose a block $Y$, request its encryption $Z$, repeat as many times as desired and try to use the results to figure out something useful about the encryption of other plaintext blocks. Since AES is believed to be IND-CPA secure, i.e. Indistinguishable from a random permutation under chosen plaintext attacks, this is not likely to work. If the attacker cannot somehow distinguish AES from a random permutation (which, if AES is as secure as it's assumed to be, they shouldn't be able to do), all they can do is try to compile a long list of plaintext/ciphertext pairs and hope that the key they want to crack is found in the list. But as long as you don't truncate the inputs too much, that isn't likely to happen either. (You don't specify what you mean by a 'digit', but as long as one digit contains at least 4 bits, 16 digits amounts to at least 64 bits, which should be sufficient.) However, that's all assuming that the attacker cannot just extract the AES key from the software.
