How sure is to create a USB security key using PnPDeviveID?
https://stackoverflow.com/questions/1303828
-
19-09-2019 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
I need to protect software using a USB key. Can I just query a USB drive with WMI and obtain the PnPDeviceId from Win32_DiskDrive Class, and compare it with one already hashed and hard coded in the application? How secure is this? Can the PNPDeviceID property be modified? Is hardware coded? Any other idea?
Logically the USB drives are going to be carefully selected.
Thanks
Solution
It can probably be faked with a device driver layer, I don't know if it can be changed in the device - I have never seen anything to do it.
I was thinking of this as a cheap alternative to a dongle and a way to distribute the software.
One thing to be careful of - the very cheap USB keys don't implement this they just send a random (?) key when plugged in, so they get a new id when inserted in different ports.
