Hello Derek,

DW> Maybe i'm reading this wrong, but it looks as though you're saying
DW> that not talking about it increases its security.  If so... i think
DW> we only need one counter argument: DeCSS.  "Highly" secret and
DW> pitifully simple to crack.

With such a simple stupid implementation that it can be written on
the backside of your wall-mart bill.

I'm talking about serious implementations. How many people know what to
do if there debugger is not able to attach to a windows process and
all the other ways to see into your process memory do also fail ?

Not that many.
And you think you can goggle the answer ? No. Not that easy too.

So you already catched a lot of the attackers on your first defense line.
After this if you still want a crack you have to get the attention of
an experienced cracker and that will cost month of time if you will
ever find one who things that this would give him fame and fortune.

Remeber the topic of the thread. We are not really discussing security here,
at least thats not what i do. I'm talking about business rules to increase
the ROI of your development by talking more time to be cracked and making it
harder for people to use this without paying and harder for average people to
apply the crack to your program. That was the OP question/intention.
I would guess that only 1% of this has something to do with a mathematical formula.


-- 
 Best regards,                        emailto: scholz at scriptolutions dot com
 Lothar Scholz                        http://www.ruby-ide.com
 CTO Scriptolutions                   Ruby, PHP, Python IDE 's