Path: utzoo!attcan!uunet!husc6!uwvax!vanvleck!uwmcsd1!ig!agate!ucbvax!INDYVAX.BITNET!IMHW400 From: IMHW400@INDYVAX.BITNET Newsgroups: comp.os.vms Subject: Re: Software Protection Message-ID: <8807041500.AA21855@ucbvax.Berkeley.EDU> Date: 1 Jul 88 12:41:00 GMT Sender: usenet@ucbvax.BERKELEY.EDU Organization: The Internet Lines: 31 Many (most?) people think that the SID register on a VAX is a handy place to get a unique value for use in protecting software. Even some vendors believe this. Unfortunately, it isn't so. The SID is made up mostly of hardware and microcode rev. levels, option flags, and such. I know of one product that stopped working at a site that had just gone to a higher rev. level on one of the CPU boards, for example. Using the SID for security is not a good idea. Take a look at the VAX Hardware Handbook, and see: o how the format of the SID varies wildly from one processor to another; o that only a few processor types have anything resembling a serial number *anywhere* in the SID. *********** Now that I've demolished one suggestion, let me provide another: do any of you know whether the new License Management Facility has space reserved for third parties, so that we can use it to protect/manage our own stuff as well as DEC's? I imagine that this would require registration with DEC, just like for facility codes in condition longwords, but that should be no problem for a commercial product. I wonder if the key-recognition algorithm is secure enough that the key-*generation* software can be widely distributed? ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Mark H. Wood IMHW400@INDYVAX.BITNET (317)274-0749 III U U PPPP U U III Indiana University - Purdue University at Indianapolis I U U P P U U I 799 West Michigan Street, ET 1023 I U U PPPP U U I Indianapolis, IN 46202 USA I U U P U U I [@disclaimer@] III UUU P UUU III