Cocoa mail archive
Re: [ANN] OpenSSL and license keys
FROM : Nicko van Someren
DATE : Mon Sep 06 13:38:09 2004
On 6 Sep 2004, at 12:11, Allan Odgaard wrote:
> On 6. Sep 2004, at 13:01, Nicko van Someren wrote:
>
>> [...] "the key size also dictates the minimum size of the data to be
>> encrypted". This is not correct.
>
> True, what I meant was the minimum size of the encrypted data. I.e.
> the data the user receives (as his license key).
>
> So with a 1024 bit key, you cannot send the user a 64 characters
> license key, which is what I figured was the essence in this context.
OK. Perhaps the text could be clearer. One thing to note is that if
you use DSA instead of RSA then you can get 320 bit signatures even
with 1024 bit keys.
>
>> [...] You also go on to use a 248 bit key [...] a G5 PowerMac should
>> be able to factor a 248 bit public key in a few hours
>
> Also very true -- I wanted to have added some notes about key sizes
> and factoring times, but a quick Google did not reveal anything I
> could use as reference, so I put it off till I had some time testing
> it myself -- I will check your links when I have some more time, and I
> can add an update to the article.
I can factor 512-bit keys in about four weeks using a rack full of G5
X-servers, which is less resource than many university computer labs
have on tap. At this time 576-bit keys have been factored and 768-bit
is considered suspect for any long term security. Ultimately it boils
down to how much effort you think your attacker will put in and for how
long you want your software to be secure. At the moment we are still
some way from anyone getting close to factoring 1024 bit RSA moduli or
breaking 1024 bit discrete logs (used in DSA) so if you are willing to
risk fake license keys turning up in a decade or so I'd go with 1024
bit keys. If you're selling high value software that people are likely
to rip off then simple software license keys aren't going to do much to
deter the concerted attacker anyway.
Cheers,
Nicko
_______________________________________________
cocoa-dev mailing list | <email_removed>
Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/cocoa-dev
Do not post admin requests to the list. They will be ignored.
DATE : Mon Sep 06 13:38:09 2004
On 6 Sep 2004, at 12:11, Allan Odgaard wrote:
> On 6. Sep 2004, at 13:01, Nicko van Someren wrote:
>
>> [...] "the key size also dictates the minimum size of the data to be
>> encrypted". This is not correct.
>
> True, what I meant was the minimum size of the encrypted data. I.e.
> the data the user receives (as his license key).
>
> So with a 1024 bit key, you cannot send the user a 64 characters
> license key, which is what I figured was the essence in this context.
OK. Perhaps the text could be clearer. One thing to note is that if
you use DSA instead of RSA then you can get 320 bit signatures even
with 1024 bit keys.
>
>> [...] You also go on to use a 248 bit key [...] a G5 PowerMac should
>> be able to factor a 248 bit public key in a few hours
>
> Also very true -- I wanted to have added some notes about key sizes
> and factoring times, but a quick Google did not reveal anything I
> could use as reference, so I put it off till I had some time testing
> it myself -- I will check your links when I have some more time, and I
> can add an update to the article.
I can factor 512-bit keys in about four weeks using a rack full of G5
X-servers, which is less resource than many university computer labs
have on tap. At this time 576-bit keys have been factored and 768-bit
is considered suspect for any long term security. Ultimately it boils
down to how much effort you think your attacker will put in and for how
long you want your software to be secure. At the moment we are still
some way from anyone getting close to factoring 1024 bit RSA moduli or
breaking 1024 bit discrete logs (used in DSA) so if you are willing to
risk fake license keys turning up in a decade or so I'd go with 1024
bit keys. If you're selling high value software that people are likely
to rip off then simple software license keys aren't going to do much to
deter the concerted attacker anyway.
Cheers,
Nicko
_______________________________________________
cocoa-dev mailing list | <email_removed>
Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/cocoa-dev
Do not post admin requests to the list. They will be ignored.
| Related mails | Author | Date |
|---|---|---|
| [ANN] OpenSSL and license keys |
Allan Odgaard | Sep 6, 12:27 |
| Re: [ANN] OpenSSL and license keys |
Nicko van Someren | Sep 6, 13:01 |
| Re: [ANN] OpenSSL and license keys |
Allan Odgaard | Sep 6, 13:11 |
| Re: [ANN] OpenSSL and license keys |
Nicko van Someren | Sep 6, 13:38 |
| Re: [ANN] OpenSSL and license keys |
Dennis C. De Mars | Sep 7, 07:56 |
| Re: [ANN] OpenSSL and license keys |
Nicko van Someren | Sep 7, 17:08 |
| Re: [ANN] OpenSSL and license keys |
Charles Srstka | Sep 9, 06:30 |
| Re: [ANN] OpenSSL and license keys |
Dennis C. De Mars | Sep 9, 09:47 |
| Re: [ANN] OpenSSL and license keys |
Charles Srstka | Sep 9, 11:35 |
