Exetools


nine 07-20-2003 09:34

Digital signature in network protocol
 
It may be a bit off-topic, but I'd like to know what expert ppl on this board think about this -
At hxxp://lkml.org/archive/2003/7/17/124/index.html you can see the message from the owner of the BitKeeper software, proprietary source code management software. According to that message, he says he can "put digital signatures into the protocol to prevent your clone from interoperating with BK." Is this possible at all? When I can crack and make up exactly the same signature from a cracked/clone copy to a valid copy to emulate it, such a digital signature seems to mean nothing. Am I wrong somewhere?

koncool 07-20-2003 17:44

Have you had a look at eLicense? DAMN made a proxy which generates the key and does not contact the server at all...

I don't see the point... Using a logged proxy you can "spy" the "conversation" and find out the signature, except if the makers of BK make some kind of odd algorithm which makes a signature from a computer hardware ID or something like that. The future will tell!

ArC 07-23-2003 23:09

Digital signatures are created by using hash algos like md4/5 or sha(1) (preferred) and public and private keys.

In order to create digital signatures which are accepted by the server you will have to know the private key which is used in order to create the signature. If you know it, you will be able to create "fake" signatures which are accepted by the server.

However, if the guys implemented the algo correctly, there's no way to use a "generic" signature or something similar.

nine 07-25-2003 23:46

Quote:

Originally posted by ArC

In order to create digital signatures which are accepted by the server you will have to know the private key which is used in order to create the signature. If you know it, you will be able to create "fake" signatures which are accepted by the server.

However, if the guys implemented the algo correctly, there's no way to use a "generic" signature or something similar.

Then how can those legitimate clients connect to the BK server? If people have no access to the BK server there will be no way to intercept, but the product BK is selling includes those servers.
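An added example, not part of any post in this thread: it contrasts the two designs the replies touch on, a fixed signature that a logging proxy can record and replay (koncool's point) and a signature bound to a fresh server nonce, where no recorded or "generic" value is accepted again (ArC's point). The class and function names are hypothetical, and the toy textbook RSA key is an assumption made so the code runs with the Python standard library alone; it is not BitKeeper's protocol.

```python
import hashlib
import secrets

# Toy RSA key built from two Mersenne primes: far too small for real use,
# chosen only so the example needs nothing outside the standard library.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent, held by the signer only

def _digest(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N

def sign(data: bytes) -> int:
    """Textbook hash-then-sign (no padding), hypothetical client side."""
    return pow(_digest(data), D, N)

def verify(data: bytes, sig: int) -> bool:
    """Public-key check, hypothetical server side: needs only N and E."""
    return pow(sig, E, N) == _digest(data)

class StaticServer:
    """Weak design: the signature covers a fixed string, so it never changes."""
    def accept(self, sig: int) -> bool:
        return verify(b"HELLO", sig)

class ChallengeServer:
    """The signature must cover a fresh random nonce issued per connection."""
    nonce = None
    def challenge(self) -> bytes:
        self.nonce = secrets.token_bytes(16)
        return self.nonce
    def accept(self, sig: int) -> bool:
        nonce, self.nonce = self.nonce, None      # each nonce is single-use
        return nonce is not None and verify(b"HELLO" + nonce, sig)

def demo() -> dict:
    static, chal = StaticServer(), ChallengeServer()
    logged_static = sign(b"HELLO")                # value a logging proxy records
    logged_chal = sign(b"HELLO" + chal.challenge())
    first = chal.accept(logged_chal)              # genuine session succeeds
    chal.challenge()                              # new connection, new nonce
    return {"static_replay": static.accept(logged_static),
            "challenge_first": first,
            "challenge_replay": chal.accept(logged_chal)}

if __name__ == "__main__":
    print(demo())
```

The nonce only stops reuse of recorded signatures; whoever holds the private exponent `D` can still sign any new challenge.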

