I'm not liking the token system.
For starters.... I and a few other people could easily make a keygen to generate tokens. It would be hit and miss, but anything that generates a code can be cracked.
The token generator is nothing more than a key generator, with each key only being able to be used once. Right now, sure... There are not many XenForo customers and the odds are low.You have my permission to try and crack mine.
Good luck.
People crack things because they gain something out of it. Why would you waste your time to crack a validation token of a forum software customer?I'm not liking the token system.
For starters.... I and a few other people could easily make a keygen to generate tokens. It would be hit and miss, but anything that generates a code can be cracked.
I only mention this because I've seen such a system done for another software (web software, such as forums or blogs). Before you know it, you've got people validating themselves as other people.
And then there is the idea that you can only have 1 key (token) generated at a time. If I am doing business with more than one person at the same time.... Must I wait for them to check it? How would I know when they did?
X person maybe online today and Y person maybe online 3 days from now, but if I send Y person a token... I could have hit up X person sooner.
This is all coming down to... I would much rather have a nice "verified" in my postbit.
For starters.... I and a few other people could easily make a keygen to generate tokens. It would be hit and miss, but anything that generates a code can be cracked.
The token generator is nothing more than a key generator, with each key only being able to be used once. Right now, sure... There are not many XenForo customers and the odds are low.
Honestly, I wonder about the "purpose" of this API... Any decent hacker who wants to distribute mods that check for this can very easily edit out the function since PHP is visible source.
I can think of 2 reasonsPeople crack things because they gain something out of it. Why would you waste your time to crack a validation token of a forum software customer?
The token generator is nothing more than a key generator, with each key only being able to be used once. Right now, sure... There are not many XenForo customers and the odds are low.
But as you add more customer or to the point, more individual licenses ... Those odds go up.
Microsoft Windows couldn't keep their "keys" (tokens) secure.... We're talking a multi-billion dollar company who spent millions trying to develop an algorithm that could not be cracked.
And tested "one time use keys" (before genuine advantage) and they too failed.
The changing variable is the number of licenses sold.
This reason would apply if XenForo were Sony. XenForo ain't no Sony.I can think of 2 reasons
- Because they can (that if often #1)
You're not thinking outside the box....Let me tell you how low.
Given the 1000 limit per IP per day.
If you used that 1000 limit, on every single IPv4 in existance, it would take you aproximately 800 million years to go through every key possible.
Like I said. Good luck
It's not a key so there is no way to make a keygen...You're not thinking outside the box....
Someone legitimately buys a copy of XenForo (perfectible more than one or has others willing to help). They in turn generate a few keys. In turn they are able to decode the algorithm. From there they make a keygen.
You're IP limit is a mute point.
You're not thinking outside the box....
Someone legitimately buys a copy of XenForo (perfectible more than one or has others willing to help). They in turn generate a few keys. In turn they are able to decode the algorithm. From there they make a keygen.
You're IP limit is a mute point.
We use essential cookies to make this site work, and optional cookies to enhance your experience.