Exetools  

Go Back   Exetools > General > General Discussion

Notices

Reply
 
Thread Tools Display Modes
  #1  
Old 07-20-2003, 09:34
nine
 
Posts: n/a
Digital signature in network protocol

It may be a bit offtopic, but I'd like to know what expert ppl on this board think about this -
At hxxp://lkml.org/archive/2003/7/17/124/index.html you can see the message from the owner of the BitKeeper software, proprietry source code management software. According to that message, he says he can "put digital signatures into the protocol to prevent your clone from interoperating with BK." Is this possible at all? When I can crack and made up exactly the same signature from cracked/clone copy to valid copy to emulate it, such digital signature seems to mean nothing. Am I wrong somewhere?
Reply With Quote
  #2  
Old 07-20-2003, 17:44
koncool
 
Posts: n/a
Have you had a look at eLicense? DAMN made a proxy which generates the key and does not contact the server at all...

I don't see the point... Using a logged proxy you can "spy" the "conversation" and find out the signature, except if the
makers of BK make some kind of odd algorithm which makes
a signature from a computer hardware ID or something like
that. The future will tell!
Reply With Quote
  #3  
Old 07-23-2003, 23:09
ArC ArC is offline
VIP
 
Join Date: Jan 2003
Location: NTOSKRNL.EXE
Posts: 172
Rept. Given: 0
Rept. Rcvd 1 Time in 1 Post
Thanks Given: 6
Thanks Rcvd at 17 Times in 12 Posts
ArC Reputation: 1
Digital signatures are created by using hash algos like md4/5 or sha(1) (prefered) and public and private keys.

In order to create digital signatures which are accepted by the server you will have to know the private key which is used in order to create the signature. If you know it, you will be able to create "fake" signatures which are accepted by the server.

However, if the guys implemented the algo correctly, there's no way to use a "generic" signature or something smilar.
Reply With Quote
  #4  
Old 07-25-2003, 23:46
nine
 
Posts: n/a
Quote:
Originally posted by ArC

In order to create digital signatures which are accepted by the server you will have to know the private key which is used in order to create the signature. If you know it, you will be able to create "fake" signatures which are accepted by the server.

However, if the guys implemented the algo correctly, there's no way to use a "generic" signature or something smilar.
Then how those legitimate clients can connect BK server? If people have no access to BK server there will be no way to intercept, but the product BK selling includes those servers.
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
ARK for WINDOWS x64: WIN64AST(with digital signature) exeu x64 OS 1 05-01-2013 07:12
VATARI - Digital String Technology imagin General Discussion 3 12-05-2006 03:32


All times are GMT +8. The time now is 17:23.


��ICP��05004977��
Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX