Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations IamaSherpa on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

How to password protect files on distribution CD

Status
Not open for further replies.

rainny

MIS
Feb 7, 2003
4
CA
Hi

We have developed some software and we want to ship them on CD in encrypted form to our customers. Then we want to give them some keys to decrypt the software. We should be able to generate the passwords for our customers. We might want to put further restrictions on encryption and authorization in the future but not now.

What software do I need to use for this? If this is irrelevant to this
group, please point me to the correct one.

Thank you
Rainny
 
I suppose the simplest way would be to use WinZip or PKZip to create encrypted zip files.
Jeff

I haven't lost my mind - I know it's backed up on tape somewhere ....
 
Why encrypt the CD? Why not require a serial number or such upon installation? I think most, if not all, 'software packagers' can handle serials.
 
Hi guys,
Thanks so much for your suggestion, creating encrypted zip files and soft ware packagers. I will try yours.

cheers,
Rainny
 
I think the package by Wise can create setups that require a password before being run. Of course, each copy of your setup would use the same password, but if that's not an issue...

Chip H.
 
I have this software that i have made i do not plan to sell it,,, but i plan to distribute it amongst my friends and relatives and etc.. etc.....

What can I do so that once I make a copy of that software on the CD it cannot be copied on another blank CD

Thanks & Regards
Shaunak Sayta
 
Shaunak -

There is no way to prevent copying of the CD. You can only protect the data on the CD by using one of the techniques discussed earlier.

Chip H.
 
I'd say just encrypt the files using "PGP" and only give the private key to people that you want to have access to them.
 
Hi Dirkdiggy

If you use PGP, you need not use the Private/Public-Key Method. You can create a self decrypting Archive with only one passphrase.
hnd
hasso55@yahoo.com

 
Have you informations on cracks of PGP?
hnd
hasso55@yahoo.com

 
There's four ways that I know of to crack PGP:

1) Install a keyboard sniffer on target's PC and pick up the passphrase (like the FBI did/does).

2) Spend a half-million dollars on a Tempest sniffer and park near the target's house (available at your local NSA thrift store).

3) Find/Buy trillions of hours of CPU time (write a screen saver?)

4) Get lucky.

Chip H.

PS: If you want more info on #2, read Neal Stephenson's "Cryptonomicon".

PPS: For methods #1 and #2, your state may regard those tools as the equivalent of locksmithing tools -- illegal possession of which may be a felony.
 
Oh, I forgot method #5:

5) Kidnap target, torture them or a close relative until they reveal their passphrase.

Probably the most economical of the methods. Not very nice, though.

Chip H.
 
Don't forget truth serum and hypnosis!

I think chiph's point is understated. It would probably be cheaper and easier to rewrite the NT Kernel than to try to crack a moderate-sized PGP message.

VCA.gif
 
I know these ways to crack PGP. But my question was to ZerreZ. Perhaps he knows an other method

;)
hnd
hasso55@yahoo.com

 
hnd -

I was being totally serious. Those *are* the known methods of cracking PGP. If you do come across a way to crack PGP, here's a challenge for you. This is my public key. Tell me what my passphrase is.

Code:
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: PGP 6.5.3

mQGiBDse2HIRBADW28xzXHbF62QDDMbEnyaxJIQFHADPC0CWvVwT6GWIfzBIhhuB
meMlW1Iih3Qpjy3clDNzS3p30acFHz3ErqUevRttpbaH5Bs5qinFQSUB58QQwCX2
gRNMpaWU4GI67tcAZWnIz2Bl9RKb8bBs74QQDheOp0gnoVxvyDJN3MoZXQCg/yxy
RvULi2ltcyHvE8Hf6Pd8vuUD/3k/euMZ3bD9S+QBVUx1/TrAxREaoUtfMTgslz4M
vHxYRveM2VzRmdamig5mO0oes7DMR+PPzBCkBmf3biQ5kV8xzMEv2VM5i8LxaE6L
kocnewI8Cct7pQXbhxwuW+aSVXpblbROGfb0CN8mAtiHX1nMS7XoqOJPXLjGQ9Y4
R7nwA/9/OA1ILyFaD8USH6KOVNdortdkgJnVwe/CGlu+1BJhaNVYPpI67LiIDry5
37hEPYgo1P0EWe28Qeu+vNnLrBIS4+G+/Jzck4w9OIm2P/K529zwMV3B4boNdJo1
KAhdDiqjljUgQCGRE02xwXfy6M7Cw8qjquJtf+JOOqzKtRflgbQeQ2hpcCBIb2xs
YW5kIDxjaGlwaEBwb2JveC5jb20+iQBUBBARAgAUBQI7HthyBQkGtyQABAsDAgEC
GQEACgkQ6xaDi4/VLqBAswCgo4Lai7u0LfW/Kr3vRITCiekoBAMAn0UJFHSAMpXD
sFHS3jX6ePoJ1bkOuQINBDse2HIQCAD2Qle3CH8IF3KiutapQvMF6PlTETlPtvFu
uUs4INoBp1ajFOmPQFXz0AfGy0OplK33TGSGSfgMg71l6RfUodNQ+PVZX9x2Uk89
PY3bzpnhV5JZzf24rnRPxfx2vIPFRzBhznzJZv8V+bv9kV7HAarTW56NoKVyOtQa
8L9GAFgr5fSI/VhOSdvNILSd5JEHNmszbDgNRR0PfIizHHxbLY7288kjwEPwpVsY
jY67VYy4XTjTNP18F1dDox0YbN4zISy1Kv884bEpQBgRjXyEpwpy1obEAxnIByl6
ypUM2Zafq9AKUJsCRtMIPWakXUGfnHy9iUsiGSa6q6Jew1XpMgs7AAICB/9bgZCD
lFF9ejAgzyhhpnnfQPU3tE5xJ3kdeNXpSFyxRuYfo4XZiznDG/iEeTSPtjq8mLdv
bikfdUGSJcLB8RNRdHfkH8uhAzQX7zumKEi8b+lQLKK49t3ebtP6zzDO2KuQ42fb
PEAmfgGE5u5hSHZlXSDUq9in1d8Jhx6Q9Y2Ab4pnWotHXvFWJTrKwZJBmitv7PCi
uDkfsyBrH9pVJDCFon1NIiZKy/dyaLoOuCT8SHSDQCLImAbMfyV7OcCQ296U4PSp
f27JU6GTPzt6jun/755Bx3oSN0tQlGyRud16eWDy9lGSltCa3MCYYzCejtW4d55A
/y8Ox9SPndb1ZzsmiQBMBBgRAgAMBQI7HthyBQkGtyQAAAoJEOsWg4uP1S6gOp8A
oODIOupqGqwTO92tCPseoClkYg7qAJwLUkfz8FbITwBAQVyulJpfW55TaA==
=ZkPZ
-----END PGP PUBLIC KEY BLOCK-----

Chip H.

 
Interesting challenge.... My grandson is one years old. Can anybody tell me how many grandchildren he will hug before he calculates chiph's passphrase (using existing technology)?

A bit hard to calculate? Welcome to modern cryptography.

Does NSA use "super computers" to crack PGP messages? I doubt it (it wouldn't be very efficient). You have a "super computer" on your desk. Did it reveal the pass phrase? I doubt it.

See Chiph's #1 through #5. You might try my #1 and #2 solutions in a pinch, as long as you understand that these will only work on a "willing" subject.

But, if the subject was "willing", you and the NSA would have already cracked the code and tried to go on with life, such as it is.

Don't spend much time on this question. It is a lot like the question, "What is the meaning of life?".
VCA.gif
 
I guess there's a method #6 as well:

6) Wait for a weakness to be exposed in the PGP algorithms.

Which, aside from method #5 (since I'm a strong believer in the 2nd Amendment, I wouldn't recommend using it on me), is probably the best one to use.

Although the idea of writing a screensaver is an interesting thought... I've read that the team trying to break a 64-bit MD5 value has 312,000 computers organized in the effort. They've been going at it for 4 years so far...

Chip H.
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top