Total Commander

The problem:
Currently, universities, corporations and other owners of multiuser licenses have no way to protect their keys from dishonest users, that's why we see so many illegal keys floating over the net...and universities using old TC versions, because newer ones refuse to work.

Suggested solution:
Make keys work only on specified hardware. New computer = new key. This would require one more change: Licensee would not receive a key, but a personalized _******_. Then user would run the _******_ on each machine that's meant to run TC and save the _******_ in safe place.
It would be good for personal users too as it would protect from viruses stealing licenses (_******_ can be stored in encrypted archive).

I had to decorate the word _******_, because otherwise forum shows ******.

Recreating keys when hardware changes sounds as annoying as MS' WPA and WGA crap and there will be users who will have no problems to "lose" the KG as well.

Sounds interesting for the crackers, the first working KG for TC...

Alternative proposal:
Distribute licenses with a working TC crack, so users aren't forced to install their licenses and to have their privacy penetrated with their registered usernames in titlebar.

Icfu

icfu wrote:Recreating keys when hardware changes sounds as annoying as MS' WPA and WGA crap and there will be users who will have no problems to "lose" the KG as well.

Sounds interesting for the crackers, the first working KG for TC...

Icfu

Easy to solve, ****** would act like a key too.
For crackers - useless as KGs would contain some encrypted personal data (the same what keys do now), this data (or a part of it) would be embedded, the rest - generated, but not important. And blocking pirated ones would have to work on particular keys but the common part.

Support++

Making a key bound to hardware will break the usage on an USB-stick or CD or from within a Windows-PE environment.

If you feel your key is in a unsafe (public) place, then don't put it there.
You can point to the key location on any portable media by a wincmd.ini entry. (KeyPath=X:\)
No need to put it at the TC installation folder.

sqa_wizard wrote:Making a key bound to hardware will break the usage on an USB-stick or CD or from within a Windows-PE environment.

Yes, but _******_ acting as universal key would solve this. Or more reasonable solution: _******_ is generic, but needs another kind of key, universal one, in order to work.

sqa_wizard wrote:If you feel your key is in a unsafe (public) place, then don't put it there.
You can point to the key location on any portable media by a wincmd.ini entry. (KeyPath=X:\)
No need to put it at the TC installation folder.

It's usually useless in terms of security. If anybody writes a virus, reading wincmd.ini entry is a piece of cake. The only way to make it useful is to put wincmd.ini in a different location too and start TC with /I= parameter. That's what I do now. But in general, you can't make portable one fully safe, _******_ won't help. When I wrote about single user security I meant a virus on my PC.

Another possibility: make a central licence server. Every client has to receive its licence from server on TCmd start. Licence server counts the running licences. For mobile purposes (i.e. start TCmd without contacting the licence server) a client could borrow a licence from server. The borrowed licence is bound on hardware (e.g. MAC) and has a lifetime limit.

Of course this would be an option only. The way today is maintained.

norfie² wrote:Another possibility: make a central licence server. Every client has to receive its licence from server on TCmd start. Licence server counts the running licences. For mobile purposes (i.e. start TCmd without contacting the licence server) a client could borrow a licence from server. The borrowed licence is bound on hardware (e.g. MAC) and has a lifetime limit.

Of course this would be an option only. The way today is maintained.

This denies portability.

Another option would be to bind the installation to the pc where it's first run and then does not need the key anymore to run on that pc (or untill new version is installed). When a key exists it can just use the key (for portability). Or something with protected certificate(s), where one needs a password to be able to import/export the certificate.

A license server for multiuser environments seem like a good idea though, because these environments are more sensitive for keys to be stolen.

Options do exist, but don't know if it's worth the effort, only Christian can tell.

You could also say to buy the license, but don't use the key, but then it would appear as if no license has been purchased and it would appear to be 'illegal' usage then...

I have also thought about this problem for a while. The problem is to find an algorithm which makes it impossible for a hacker/cracker to recover the original key from the one bound to the hardware.

Currently TC is using a public/private key scheme: The licence number, user name, and address are signed with my private key, and TC contains the public key to verify it. I'm therefore looking for a transformation which would moidfy the signed data or signature in a way which cannot be reversed, but the signature can still be verified. I haven't found such a mathematical method yet, and I'm not even sure whether it exists. I can't simply use a hash function like SHA, because then the signature cannot be verified any more.

One of the following methods would be possible:
1. Key server: It could return a part of the key (just the part needed to verify the signature) via HTTP or so. The downside is that the workstation would have to be connected to the company network for the key to work

2. The key server could sign a hardware signature plus the wincmd.key or part of it with a private key which I supply, and that key would then be stored locally on the PC. The downside is that people may be able to restore the original key from the new one. The solution would be to send the users a new key containing two signatures, and only one of the two would be countersigned this way. TC would check the countersigned one when using a key server, and the non-countersigned otherwise. The downside is that the public keys for these private keys would have to be included in Total Commander somehow. And if one such private key is leaked, all keys signed with it would become invalid in the next version of TC.

3. TC itself could scramble the key on its first usage. Unfortunately this would make it possible to recover the original key, because the scramble algorithm would have to be part of TC itself.

Maybe someone has a better idea?

Some thoughts:
1. Key server is not secure when users have too high rights on their machines or use insecure connections. But otherwise - ok.
2. I don't understand this option...what is server for?
The private key protection is easy. And even if it's stolen, it's not in any way worse than current situation.
3. What do you mean by "scramble"? If it's encryption with hardware hash used as a password then it would be worth something, but not much since user can get the same hash and decrypt the key.

2m^2

Hello !

• I understand "scramble" like:
- Split the key code (1024 bytes) into i.e. eight 128 bytes parts, then mix these parts, and provide an algo (from ?)
to restore the right order making the key works…
- Anyway, IMOH all hardware-related methods (Armadillo and the like) are to avoid like the plague

- Just my 0.05 €…

 KR
Claude
Clo

Clo wrote:2m^2

Hello !

• I understand "scramble" like:
- Split the key code (1024 bytes) into i.e. eight 128 bytes parts, then mix therse parts, and provide an algo (from ?)
to restore the right order making the key works…
- Anyway, IMOH all hardware-related methods (Armadillo and the like) are to avoid like the plague

- Just my 0.05 €…

 KR
Claude
Clo

So do I, but such scrambling would change nothing as after copying to another computer, the key would work as well.

If nothing hardware related, then key server is the only solution I see..

Key server is not secure when users have too high rights on their machines or use insecure connections.

The idea of the key server is to have it running on a machine which is NOT used by end users, and where they don't have read access to the server directory. Therefore the wincmd.key would be safe on that machine as long as it isn't hacked. This can be for example a Windows server which is otherwise used as a mail or file server by the company.

I don't understand this option...what is server for?

The idea is to have a dedicated server which creates computer-specific keys. Example: Total Commander calculates hardware ID of PC and sends it to the key server. The key server then signs the hardware ID together with parts of the wincmd.key, and sends it back to Total Commander. The created key is useless on other PCs, so posting it on the Internet is useless.

What do you mean by "scramble"? If it's encryption with hardware hash used as a password then it would be worth something

That's exactly what I mean. Just stealing the wincmd.key would be useless then, but a troyan running on that PC could still get the hardware ID and decrypt the key.

ghisler(Author) wrote:

Key server is not secure when users have too high rights on their machines or use insecure connections.

The idea of the key server is to have it running on a machine which is NOT used by end users, and where they don't have read access to the server directory. Therefore the wincmd.key would be safe on that machine as long as it isn't hacked. This can be for example a Windows server which is otherwise used as a mail or file server by the company.

Server has to send enough information to authenticate the copy through the net. How can you prevent users from taking the info and using somewhere else?

I don't understand this option...what is server for?

The idea is to have a dedicated server which creates computer-specific keys. Example: Total Commander calculates hardware ID of PC and sends it to the key server. The key server then signs the hardware ID together with parts of the wincmd.key, and sends it back to Total Commander. The created key is useless on other PCs, so posting it on the Internet is useless.

So this is basically what I was talking about from the start, but with a _******_ on a server, right?

ghisler(Author) wrote:

What do you mean by "scramble"? If it's encryption with hardware hash used as a password then it would be worth something

That's exactly what I mean. Just stealing the wincmd.key would be useless then, but a troyan running on that PC could still get the hardware ID and decrypt the key.

Trojan or a tool like current FTP Password Ripper, click and get the key.
It's really just a temporary solution.