Comment Re:Some more depth (Score 1) 474
Split the program into two parts; a loader and a
Enforcing loaders would be closed source and CRC the client
As the encryption/decryption is in the same process as the client, there wouldn't be any context switching problems.
Extending it a bit further, the client part would not be allowed to load any data directly from a file on the host, instead doing it through the loader which can CRC the loaded data to verify that it hasn't been tampered with.
Now, what happens is of course that you move the interest of crackers from the client to the loader - if it's cracked then you can do anything you want.
A further improvement would be to download the loader from the server every time you connected to it. The server would periodically (every few minutes or maybe even for every connection) generate new loaders through some server-specific algorithm, meaning that it wouldn't be enough to crack one loader, but instead you would have to crack the algorithm used by the server to generate the loader, as well as cracking the individual loader. Also, as soon as a server suspects that its algorithm is weak, it can be changed.
The size of the resulting security hole - basically you are letting the servergod control your computer - means that it isn't a practical solution - unless, of course, you write the loader in Java.
With Java1.2 security, it should be possible to setup the security parameters allowing you to safely let the loader load the
Also, using this technique, the loader interface would be open-source, and it might be possible to open-source the loader implementation template/loader generator as well, if the generated instances is sufficiently hard to crack.
