Securing CDROM from piracy

[Ed Carp]

> Vipul Ved Prakash writes:
> > We have developed a multimedia resource that will be cut on a CD-ROM for
> > retailling. Since we don't have our own distributers newtwork we will be
> > collobarating with another firm for distribution. Is there any way of making
> > sure that the guy doesnt pull a fast on on us? Can we ensure that he cannot 
> > duplicate the thing and start selling it without sharing the profit.
> 
> Since he can read the CD, he can duplicate it.
> 
> I will point out anyone buying a CD can do the same thing.
> 
> > Or alternatively is there any protocol we could follow that will
> > ensure a fair game?
> 
> I can't think of how...

This is the way I did something similar:

		puts("Enter your company name:");
		fgets(company, 80, stdin);
		puts("Please call 1-800-555-1212 for your encryption key:");
		puts("Enter it now:");
		fgets(supplied_key, 80, stdin);
		/* Compute a key based on what the user typed in */
		/* This is using md5 as an example */
		computed_key = md5(company);
		/* Now, compare it with what they typed in */
		if(strcmp(supplied_key, computed_key) != 0)
		{
			puts("Incorrect key!");
			exit(1);
		}
		...

As long as you keep the way you compute the key a secret, there's little 
chance that someone else could rip you off, since the key is 
implementation-dependent.
--
Ed Carp, N7EKG    			Ed.Carp at linux.org, ecarp at netcom.com
					214/993-3935 voicemail/digital pager
Finger ecarp at netcom.com for PGP 2.5 public key		an88744 at anon.penet.fi

"Past the wounds of childhood, past the fallen dreams and the broken families,
through the hurt and the loss and the agony only the night ever hears, is a
waiting soul.  Patient, permanent, abundant, it opens its infinite heart and
asks only one thing of you ... 'Remember who it is you really are.'"

                    -- "Losing Your Mind", Karen Alexander and Rick Boyes

The mark of a good conspiracy theory is its untestability.
		    -- Andrew Spring