A Simple Open DRM

We love to hate DRM, because we associate it with degraded quality or loss of data control. Sometimes we associate it with loss of privacy when we register. 

Here is a formative "Open DRM."

The kernel of the system is going to be the idea that a salted hash is a member of a class of some kind. If I start with a MEMBER md5 hash and run 200,000 iterations of the correct salt, I hit a control value predictably. 

The potential problem arises not from providing 199,999 different possible keys, but from providing a registered customer with his own valid replacement, on that rare occasion when he proves he has purchased it, and we must re-present his original key.

Standing behind the warranty is what makes us reputable.

To preserve his privacy AND the security of our system, we do not want to store the enumerated value on the server. 

However, we can reasonably suppose that we can manage to keep a secret value secure.

I propose that the DBM or LLC choose a passphrase of some kind, and hash it a proprietary number of times WITH AN APPROPRIATE SALT to generate a secret value. This value will now become the basis for the member class.

Valid keys will be the first 30th to the 200,030th values derived from hashing the secret value with a particular salt. The company would keep a record of the date, the salt and the 30th value.

The salts change monthly, with additions when there are more than 200,000 sales in a particular month. 

Here, write once, compile many is part of my plan. However, I am not suggesting recompiling for every customer. I am suggesting recompiling every month/200,000 sales. 

For my DRM, I am going to select salts composed of object code looking bytes, to obfuscate decompiling. This devolves from suggesting syntactically valid reserved words, but these would remain ascii or unicode in compiled data, whereas the idea is to render them difficult to retrieve. 

Distribution would be accomplished by hashing the starting key by the integer of the customer number, using the salt of the month. 

At the start of each month, the administrator would hash the secret value 200,030 times with the salt of the month, and hard code the result in the source code. Then he would compile it.

Evaluation would be accomplished by hashing the customer key 200,000 times, checking if it matches at each iteration. A successful match authorizes execution. Failing to arrive at the final value proves the key is invalid. This is the same principle as a rainbow table.

At the time of this writing, I acknowledge that 200,000 iterations of a hash is a time-killing obstacle for customers who want their game to load instantly. I speculate that storing an intermediate value in the range of 30 might resolve it, but as it stands I have not resolved how 30 hashes is enough to arrive at the final value without ultimately reducing "key space," to 30.

This represents an Open DRM.

Comments

Post a Comment

Popular posts from this blog

A Question About Erasthmus' Sieve

Students of Mathematics are familiar with Erasthmus' Sieve. 2     x 3          x                4       x 5               x 6     x     x 7 8     x 9          x 10       x          x 11 12     x     x 13 14     x 15          x     x 16     x 17 18     x     x 19 20     x          x 21          x 22     x 23 First, we strike all multiples of 2 up to the square root (5.) Then all multiples of 3, then all multiples of 5, etc. I wrote a digital implementation of the Sieve, and used the index cr...
Read more

Notice of corrupted results: Vigenere may yet be found to be a "group."

Retraction: It is with regret that I do not delete the previous post. I am an individual, not an organization, and I failed to adequately double-check my results, but I am leaving the post to maintain some accountability. I am able to definitively say that the script for 2chars_from_file.py DOES NOT yield an exhaustive list. It develops the ciphertext for all 2 Char combinations of the FIRST 10, three character ciphertexts. This is not due to a logic error, but rather there is a virus that corrupts the indentation of the two write statements.  This may be verified by downloading the relevant code, and examining it, and running it if needed, against the relevant datafile. It is difficult to be exhaustively correct about ALL of the scripts. This calls ALL of my results in question, with regard to the qualification of a mathematical group. If Vigenere IS a group, the resulting substitution is still valid, but there exist 6 Char passwords that will accomplish the same encryption in ONE...
Read more

A Simple Rule for the Stock Market

The Stock Market is where the wealth of America is stored. As such, it is best when the stock market faithfully reflects the ups and downs of the economy. Stock market corrections are how the stock market reflects setbacks to the economy. This is good, as far as it goes, but in fact, when a stock market correction occurs, it is not well understood where the value of labor, goods and services stored in the stock market goes.  The whole idea that rising stock prices reflect improvements in the economy, is that this is the result of good investments. Investing is an act of devoting time, effort, or energy to a particular undertaking with the expectation of a worthwhile result. An investment is proven to be a good one, when it pays off after a duration of time. If you buy a stock, you wait for it to rise in price, and sell it at the appropriate time. "Buy low, Sell high," is how stock brokers explain their craft. How long should you hold a stock? This has always been up to the ow...
Read more