Hello Robert,

RK> You may be right.  While there's no absolute security, certainly some
RK> effort could be made to hide it appropriately.  I'm not too familiar with
RK> current technologies in that area, but I have the impression one could do
RK> much bettern than declaring a char array with the key in it...

But you must provide the decryption code. And whatever you do, you only
need to add one print stratement at the right position to dump the encryption
key. And if this position is known, the cracker got it.

The key to good software protection is completely based on hiding
this right position. For example protection shields like Armadillo,
decode individuell memory pages on the fly so that crackers can't dump
the code and deassemble it easily.

If matz does not change the license to BSD, maybe it is possible to
obfuscate the ruby c source code after adding something like this.
Shuffling the order of functions (which results in different compiled
binaries) and provide different ruby.exe with different downloads - for
example build 100 different installer packages and randomly select one
of them for downloads. So even a working patch would only work with
about 1/100 of the downloads. Making it really frustrating for
crackers to get this. Remember that 95% of the crackers do it for
getting fame in the community, not for getting money or doing reverse
engineering of your wisdom and knowledge.


-- 
 Best regards,                        emailto: scholz at scriptolutions dot com
 Lothar Scholz                        http://www.ruby-ide.com
 CTO Scriptolutions                   Ruby, PHP, Python IDE 's