<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<p>Hi Michael,</p>
<p>There is a new mechanism committed in the latest trunk of SWORD
which allows a publisher to "personalize" an unlock key per user,
if they would like, but SWORD does nothing to try to enforce 'per
device' or 'per user' usage.</p>
<p>I have never heard from a publisher that they do not wish to make
their text available in SWORD format due to fear that a user could
use a text on more than one device. In fact, we advertise to
publishers that once an unlock key is purchased, it can be used on
any of our frontends on any platform and they often appreciate
that fact.<br>
</p>
<p>In my opinion, the downsides of hashing per hardware include:</p>
<p>1) we can't enforce this, as we are opensource. Our encryption
can be enforced as it is true encryption and without the unlock
code a module cannot be read. This is what we advertise to
publishers and this is what we can deliver.</p>
<p>2) if a user changes devices, they would need to gain a new
unlock code</p>
<p>3) a user would need to purchase a separate unlock code for their
phone, tablet, laptop, desktop, etc.</p>
<p>4) in the world of virtualization, it would be fairly simple to
generate an 'appliance' vm/container which could be passed on.<br>
</p>
<p>Any one of these reasons has been sufficient to keep us from
going down this road in the past and again, I haven't heard from
any publisher their concern that our unlock mechanism isn't
sufficient. We recently had a request to allow "personalization"
of unlock codes, and thus the recent commit, but that is merely a
psychological deterrent, as a user with an unlock code which
begins with something like their last name, e.g.,
SMITHJ027-abcd-1234-efgh-5678, is less likely to share their
unlock key.</p>
<p>Thank you for your suggestion. I hope the personalization
feature goes a little way to prevent what you call "impulsive
giveaways."</p>
<p>Troy<br>
</p>
<p><br>
</p>
<div class="moz-cite-prefix">On 12/29/18 4:06 PM, Michael H wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CAJ9hia88SgzDW7yTKZqRqR=PjPSTAnBAi-qvpBeoHc6Dsya6HQ@mail.gmail.com">
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<div dir="ltr">
<div class="gmail_default"
style="font-family:garamond,serif;font-size:large">As long as
you're opening the unlock option for debate, can I suggest
that the unlock codes get hashed for the user in some way.
That is the user provides some kind of credential information
to the publisher, which the publisher uses some of the info to
hash the unlock code, and the resulting code will only work on
a specific users devices? That would go a LONG way to
convince hopeful publishers to consider sword platform. This
does imply that the unlock is only masked 1 level and would
still be relatively easily unhashed, but it makes the act a
deliberate one, and prevents simple eyes on the screen theft
and impulsive giveaways. </div>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr">On Sat, Dec 29, 2018 at 4:42 PM <a
href="mailto:refdoc@gmx.net" moz-do-not-send="true">refdoc@gmx.net</a>
<<a href="mailto:refdoc@gmx.net" moz-do-not-send="true">refdoc@gmx.net</a>>
wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Sounds
good<br>
<br>
Sent from my mobile. Please forgive shortness, typos and weird
autocorrects.
<div class="gmail-m_-3559698534208794442quote"
style="line-height:1.5"><br>
<br>
-------- Original Message --------<br>
Subject: [sword-devel] UnlockInfo .conf entry<br>
From: "Troy A. Griffitts" <br>
To: SWORD Developers' Collaboration Forum <br>
CC: <br>
<br>
<br type="attribution">
<blockquote class="gmail-m_-3559698534208794442quote"
style="margin:0px 0px 0px 0.8ex;border-left:1px solid
rgb(204,204,204);padding-left:1ex">Dear Frontend
Developers,<br>
<br>
In an effort to gain more publishers-- even those who
desire to lock and<br>
sell some of their modules, I would like to add a new
.conf entry:<br>
<br>
UnlockInfo<br>
<br>
Up until now, we've relied on the About entry containing
something that<br>
lets the user know how to obtain unlock codes from
publishers selling<br>
codes to unlock their modules. This entry would isolate
just those<br>
instructions to a specific entry and would allow a
frontend to do<br>
something like:<br>
<br>
If (moduleToInstall.getConfEntry("UnlockInfo")) {<br>
<br>
showDialog("
<p>The publisher of this modules requires for you to<br>
obtain an unlock code. This code can be entered below,
instructions<br>
from the publisher are as follows:</p>
" +<br>
moduleToInstall.getConfEntry("UnlockInfo"));<br>
<br>
}<br>
<br>
Like many of our entries, this new UnlockInfo entry will
allow HTML<br>
links and will likely contain a direct link from the
publisher to their<br>
store entry to purchase an unlock code.<br>
<br>
An example would be something like:<br>
<br>
UnlockInfo=An unlock code for the Larry Fitzgerald NFL HOF
Edition of<br>
the New Testament, with memorable career moments
encouraging the<br>
believer to press on when those around fall short, may be
obtained<br>
directly from the NFL store here: <a
moz-do-not-send="true">href="https://nfl.com/shop/lf-nfl-hof-nt-sword-module">Larry
Fitzgerald<br>
NFL HOF Edition of the New Testament - SWORD Module</a><br>
<br>
Let me know if you have any comments or ideas,<br>
<br>
Troy<br>
<br>
<br>
<br>
_______________________________________________<br>
sword-devel mailing list: <a
href="mailto:sword-devel@crosswire.org" target="_blank"
moz-do-not-send="true">sword-devel@crosswire.org</a><br>
<a
href="http://www.crosswire.org/mailman/listinfo/sword-devel"
target="_blank" moz-do-not-send="true">http://www.crosswire.org/mailman/listinfo/sword-devel</a><br>
Instructions to unsubscribe/change your settings at above
page</blockquote>
</div>
_______________________________________________<br>
sword-devel mailing list: <a
href="mailto:sword-devel@crosswire.org" target="_blank"
moz-do-not-send="true">sword-devel@crosswire.org</a><br>
<a
href="http://www.crosswire.org/mailman/listinfo/sword-devel"
rel="noreferrer" target="_blank" moz-do-not-send="true">http://www.crosswire.org/mailman/listinfo/sword-devel</a><br>
Instructions to unsubscribe/change your settings at above page</blockquote>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<pre class="moz-quote-pre" wrap="">_______________________________________________
sword-devel mailing list: <a class="moz-txt-link-abbreviated" href="mailto:sword-devel@crosswire.org">sword-devel@crosswire.org</a>
<a class="moz-txt-link-freetext" href="http://www.crosswire.org/mailman/listinfo/sword-devel">http://www.crosswire.org/mailman/listinfo/sword-devel</a>
Instructions to unsubscribe/change your settings at above page</pre>
</blockquote>
</body>
</html>