I am getting close to completing my app which I plan to sell. This thing is going to need some crack protection. So I am shipping a alphanumeric key to customers that pay. You need to enter the key to get the software to work. I thought I would test to see how a brute force attack might work against this first level of defense.I coded up an app that would simulate a user trying combinations of characters, guessing what a legit key would be. This brute force cracker does not have any speed up techniques. Currently it is generating 2000 keys a minute. I plan to leave the thing running all night to see if it can get into my app.
If it does get in, I will implement some delays on my app when it detects wrong keys being entered. That will slow down a brute force attack. However if I find it takes forever for the cracker to get into my app, then I might not even add that level of defense. No need to put up a higher gate if the existing one is keeping out the dogs.
