One of the biggest reasons why everybody had to change unlock keys for xplorer² v2.0 last summer was to cure the problem of the keygens that flourished in the warez scene to the detriment of xplorer² business. The old v1.x key was based on a home-grown protection system that was eventually compromised completely. Not only could people help themselves to fully functional xplorer² keys, but there were even up-to-no-gooders selling xplorer² counterfeit keys in "discount" stores.
When I implemented an RSA encryption scheme for v2 I was confident that the math would be on xplorer²'s side. The RSA keygen is a well-known algorithm but it relies on huge prime numbers to keep pirates at bay (pun intended). The asymmetric encryption means that even though a reverse engineer can read off the public encryption key inside xplorer² (used to validate a registration key), they could not infer the private part which is essential for key generation. So theoretically the keygen problem would be cured once and for all, leaving only room for harder to manage (from the pirates' point of view) software patches.
Blinded in my confidence I even got boastful, in a classic case of tempting fate and insulting the Olympian gods with my mortal's arrogance. Hardly a month had passed from the official release of the "unbreakable" xplorer² v2.0 when the bubble popped: a fully working keygen appeared by some ZWT group, who also produced keygens for xplorer² v1.x. Well, they thought that the Titanic was unsinkable too.
How could this be? The RSA expert who advised me while creating the software protection system was adamant that 512-bit RSA was beyond the computational means of any hacker group. The only way to reverse engineer a private encryption key from the public one is the brute force approach: just try all the prime numbers you can till you find the matching one. If the numbers involved are big enough (and 512-bit numbers are very big), it will take an awful lot of number crunching power and a very long time to break the encryption, hence the theoretical safety of RSA. But these ZWT people did it in a month! Here are the possible explanations:
The new xplorer² ultimate edition introduced with v2.1 has reinforced 1024-bit RSA encryption. Three months down the road and there is still no keygen for it available in the warez forums. This fact would imply that the problem with the v2.0 key was that 512 bits is just too weak to offer any security, and it was simply brute-forced into submission. That would be a sigh of relief since the other possible explanations are too painful to contemplate. Of course it could be that I am provoking the wrath of Zeus again, and tomorrow some hacker group will release a keygen for xplorer² ultimate. Only time will tell, but dear hackers please get your act together because as things stand you are beaten <g>
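The scheme described above, as an added example that is not xplorer²'s actual code: the application holds only the public values (n, e) and can validate a key, while issuing one needs the private exponent derived from the secret primes. It uses textbook RSA without padding on a constructed toy key; every name, the key itself and the 2048-bit floor are assumptions of this example, and real code would use a vetted library with a padded signature scheme.

```python
import hashlib

# Constructed toy key (two Mersenne primes); far too small for real use.
P = 2**61 - 1
Q = 2**89 - 1
N = P * Q          # public modulus, shipped inside the application
E = 65537          # public exponent, shipped inside the application
MIN_BITS = 2048    # assumed policy floor for this example, not from the post


def _digest(name: str, n: int) -> int:
    """Hash the licensee name to an integer below the modulus."""
    return int.from_bytes(hashlib.sha256(name.encode("utf-8")).digest(), "big") % n


def private_exponent(p: int, q: int, e: int) -> int:
    """Vendor side only: deriving d requires the secret factors p and q."""
    return pow(e, -1, (p - 1) * (q - 1))


def issue_key(name: str, d: int, n: int) -> str:
    """Vendor side: sign the name digest with the private exponent."""
    return format(pow(_digest(name, n), d, n), "x")


def verify_key(name: str, key: str, n: int = N, e: int = E) -> bool:
    """Application side: needs only the public values (n, e)."""
    try:
        sig = int(key, 16)
    except ValueError:
        return False
    if not 0 < sig < n:
        return False
    return pow(sig, e, n) == _digest(name, n)


def modulus_acceptable(n: int, min_bits: int = MIN_BITS) -> bool:
    """Flag short moduli, such as the 512-bit size the post suspects was broken."""
    return n.bit_length() >= min_bits


if __name__ == "__main__":
    d = private_exponent(P, Q, E)
    key = issue_key("Alice Example", d, N)
    print(key, verify_key("Alice Example", key), modulus_acceptable(N))
```

The validator never sees `P`, `Q` or `d`, so the strength of the whole scheme rests on how hard `N` is to factor, which is why the size check belongs in the build or release process.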