It is high time that CocoaDev had an organized approach to discussing product security and registration issues. People’s livelihoods are at stake. But that does not mean that people’s lives are at stake. Perspective is important.
The discussion in CocoaInsecurity and MakingSecureRegistrationCodes contains much duplication, digression, and opinion, as well as many fine suggestions for how to approach the matter in a serious way.
SoftwareSerializationPiracyDiscussion and MakingSecureRegistrationCodes are where writers vent their fury about piracy and strategy.
There are certainly solid suggestions and alternatives contained in the other topics, but they sometimes get lost in the noise.
For example, since there is no universal agreement that any scheme is 100% bulletproof, one has to decide what level of insecurity to accept. This is not exactly a strategy, but a decision which must be left up to the individual developer or shop. Nevertheless, you cannot make any other security decisions until you have made that one. Desire for 100% security is, in some sense, neurotic.
Update: PirateWatch seems to be dead and swiped by a domain parker as of Aug 17th, 2006. Suggestion: Check out http://piratewatch.org/ but see the discussion at PirateWatch before you do so.
The points below are extracted from CocoaInsecurity, and may constitute an adequate executive summary of that discussion.
I suppose the above list needs to list zootbobbalu’s suggestion about “peppering” code with serial number checks also, as several correspondents found that an interesting avenue…
For a wise introduction to and discussion of piracy issues see http://wilshipley.com/blog/2005/06/piracy.html (but please don’t discuss it here - that is what SoftwareSerializationPiracyDiscussion is for).
**Take a look at this page describing the RSA cryptosystem: http://en.wikipedia.org/wiki/RSA**