Fog Creek Software
Discussion Board




CRC32 on exe worthwhile?

Should I put a CRC32 check on my exe before distribution or is that just an unnecessary complication? 

I do have a fairly lax registration scheme, it's not instrusive at all.  The thing is people have to connect to the database to use the program.  It's an Access database that is encrypted.  When you register, you basically "register the database" so-to-speak, so if you register with a 5 user license then only 5 clients will be able to be logged in at a time until the registration number was changed.  The number of different machines used to log in is also tracked via computer name/login name so it's easy to tell if it's being copied, but i don't really care if it's copied to different machines as long as only X number of people can use any given database.

Of course these numbers and the other registration info could start appearing on the net.

I'm wondering if a CRC32 check would be worth it?  The only thing it would make more difficult is for a hacker to find the point in the code where they would jump over the registration/crc code.

10 x 13 envelope
Wednesday, January 14, 2004

Good hackers will patch your CRC32 check in no time.

You need to do a lot better than that, if you don't want your app to be pirated a lot.

Jericho
Thursday, January 15, 2004

You could use MD5 digests or even cryptographic digests, but depending on how you code your antipiracy EVEN the best digest can be bypassed if you don't think well through through your attack model.

Li-fan Chen
Thursday, January 15, 2004

Don't bother. The people who will steal your app are not people who would otherwise pay you. Ignore them and concentrate on those with a budget for your product/service.

pdq
Thursday, January 15, 2004

Network sniffers and a good debugger will rip apart your copy protection, no matter which hash you use. ;)

Flamebait Sr.
Friday, January 16, 2004

*  Recent Topics

*  Fog Creek Home