WiNC opened this issue on Sep 13, 2002 · 119 posts
soulhuntre posted Fri, 13 September 2002 at 5:04 AM
First off, you need to relax some. Seriously. This isn't a campaign against evil incarnate... it's just some complaints and concerns against a security system you don't happen to like.
You're welcome to state your problems/opinions...but it seems a little odd to me the sheer amount of vitriol that seems to be involved. It's puzzling.
Now, since Steve is probably asleep, I'll take a second and discuss the nature of Challenge/Response systems and what Steve might well have meant by "in conjunction". I'll call it C/R for short :)
The Poser5 license system uses C/R to validate your installation. The software uses code to reduce your system into a challenge by evaluating or hashing some parameters. It looks like they are using portions of the inbuilt identification common to hard drives.
This challenge needs to be met by a proper Response. The response is usually generated by combining the challenge with some secret information (like a cryptographic key) to arrive at a response that in theory "proves" that the response could only have come from Curious Labs.
Notice that the basics of C/R don't CARE what communications method you use. They ask for a challenge, they get a response and it's all good. Whether that response is typed in each time, or stored in a file, or transmitted over the internet is completely irrelevant. It is still a challenge/response system in all those cases.
That includes the use of modern dongles.
In other words, a dongle is inherently a challenge/response system. The dongle contains a small CPU that is capable of performing calculations. Those calculations almost always are used to construct a valid response to a challenge. Since in theory this hardware is a secure carrier for the "secret" information, the publisher can allow the dongle to issue responses autonomously.
So when Steve mentions that they would be using a dongle in conjunction with the current system he may mean two things, both of which are accurate and useful:
So if you relax and look at it with some understanding of the security model involved and the code/hardware you see that the phrase "in conjunction" is completely accurate and does not imply that one would need to both own a dongle and get a response code from CL.
Relax.
Personally, I am surprised CL is bothering to explore other options at all. Certainly changing the security model of a product at this date is an expensive consideration - and it certainly reflects well on their desire to soothe community outcry from a vocal few that they would explore the options.
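The challenge/response flow described in the post above, as an added example that is not part of the original post and is not Curious Labs' code: a challenge hashed from hardware identifiers, a response computed by whoever holds the secret (vendor server or dongle), and a check that gives the same answer however the response was delivered. The drive IDs, the secret, the code lengths and the use of HMAC-SHA256 are all assumptions made for illustration.

```python
import hashlib
import hmac
import io

# Constructed sample values; not taken from Poser 5 or any real product.
VENDOR_SECRET = b"constructed-demo-secret"
MACHINE_A = ["WD-WCAM9X000001", "ST380021A-3HV0ABCD"]
MACHINE_B = ["IBM-DTLA-307030-YK000002"]


def make_challenge(hardware_ids):
    """Reduce machine parameters to a short challenge by hashing them."""
    digest = hashlib.sha256("|".join(sorted(hardware_ids)).encode()).hexdigest()
    return digest[:16].upper()


def make_response(challenge, secret):
    """The holder of the secret (vendor server or dongle) answers the challenge."""
    mac = hmac.new(secret, challenge.encode(), hashlib.sha256).hexdigest()
    return mac[:20].upper()


def verify_response(challenge, response, secret):
    """Check a response in constant time, regardless of how it arrived.
    Caveat: a symmetric check needs the secret at the verifier, which suits a
    dongle; a software-only verifier would use a public-key signature instead."""
    expected = make_response(challenge, secret).encode()
    return hmac.compare_digest(expected, response.strip().upper().encode())


def transports(response):
    """The same response carried three ways: typed, stored in a file, sent as bytes."""
    typed = "  " + response.lower() + "\n"
    stored = io.StringIO(response + "\n").read()
    wire = response.encode("ascii").decode("ascii")
    return {"typed": typed, "file": stored, "network": wire}


def run_demo():
    challenge_a = make_challenge(MACHINE_A)
    response_a = make_response(challenge_a, VENDOR_SECRET)
    results = {name: verify_response(challenge_a, value, VENDOR_SECRET)
               for name, value in transports(response_a).items()}
    # A response issued for machine A must not validate on machine B.
    results["other_machine"] = verify_response(
        make_challenge(MACHINE_B), response_a, VENDOR_SECRET)
    # A responder without the secret cannot produce a valid answer.
    results["wrong_secret"] = verify_response(
        challenge_a, make_response(challenge_a, b"guess"), VENDOR_SECRET)
    return results
```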