Path: utzoo!attcan!uunet!husc6!uwvax!vanvleck!uwmcsd1!ig!agate!ucbvax!INDYVAX.BITNET!IMHW400
From: IMHW400@INDYVAX.BITNET
Newsgroups: comp.os.vms
Subject: Re:  Software Protection
Message-ID: <8807041500.AA21855@ucbvax.Berkeley.EDU>
Date: 1 Jul 88 12:41:00 GMT
Sender: usenet@ucbvax.BERKELEY.EDU
Organization: The Internet
Lines: 31

Many (most?) people think that the SID register on a VAX is a handy place
to get a unique value for use in protecting software.  Even some vendors
believe this.  Unfortunately, it isn't so.  The SID is made up mostly of
hardware and microcode rev. levels, option flags, and such.  I know of one
product that stopped working at a site that had just gone to a higher rev.
level on one of the CPU boards, for example.

Using the SID for security is not a good idea.  Take a look at the VAX Hardware
Handbook, and see:

o       how the format of the SID varies wildly from one processor to another;

o       that only a few processor types have anything resembling a serial
        number *anywhere* in the SID.

***********

Now that I've demolished one suggestion, let me provide another:  do any
of you know whether the new License Management Facility has space reserved
for third parties, so that we can use it to protect/manage our own stuff
as well as DEC's?  I imagine that this would require registration with DEC,
just like for facility codes in condition longwords, but that should be no
problem for a commercial product.  I wonder if the key-recognition algorithm
is secure enough that the key-*generation* software can be widely distributed?

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Mark H. Wood    IMHW400@INDYVAX.BITNET   (317)274-0749 III U   U PPPP  U   U III
Indiana University - Purdue University at Indianapolis  I  U   U P   P U   U  I
799 West Michigan Street, ET 1023                       I  U   U PPPP  U   U  I
Indianapolis, IN  46202 USA                             I  U   U P     U   U  I
[@disclaimer@]                                         III  UUU  P      UUU  III