I owe a deep-hearted "thank you" to Charlie over at The Inquirer right now, because this story is just not as interesting without his very bitter but realistic take on it.
Most of us remember the great effort Microsoft put in to developing a complicated and "foolproof" license setup for Windows Vista, and everyone has been waiting for its horrible defeat. Well, it looks like some crackers just got medieval on it
Brute force cracking is as old as data security - if you have a hunch that someone uses a particular style of password, you can throw every password that fits those parameters at it in every combination until one of them is accepted. It's long, it's dirty, and it works on the Vista activation system.
The short keylength of 25 characters puts it well
within the possibility of trying them all until one works. The only downside is, each legal copy of Vista is only able to be activated a certain number of times - so these codes that are accepted may easily end up activating units already on the shelves or even on someone's computer. It would entirely be possible to take your new computer home, plug it in, and find out your OS is not authorised since other people have already activated it.
Charlie mentioned that he didn't have a copy of Vista to test it on because of its anti-user measures, but the premise sounds pretty interesting and if it becomes widespread there could be some serious problems. What would Microsoft do if legitimate users are unable to register their legal software? I would not want to be an employee at the call centers (wherever they are) when this starts to get popular....
It all goes to show the old adage - "When you build a better mousetrap, you build a better mouse." Sometimes you just build an angry mouse, who takes a very big sledgehammer to your very delicate, Rube Goldberg-esque trap.
Do you have a thought on the Vista key debacle? How about a way for Microsoft to get out of its jam? Let us know in our forums