DeadBolt.NET Suspended

Wednesday, December 24, 2003

Tim Heuer pointed me to an article that represents a fundamental flaw in our implementation of DeadBolt.NET. It is written by the great Don Box and Chris Sells, and describes what is going on under the covers of SN.EXE. I did a lot of research on the subject of Strong Name Signing before helping to write this add-in, and never came across this article. Hopefully, by pointing it out, more people will understand how it works, as I obviously didn't. Basically, our implementation is flawed because we're pulling the PublicKeyToken from the combined public/private key, and not just the public key (apparently, SN.EXE dioesn't pay attention to the difference). The assembly is being signed properly, we're just extracting the wrong information for the Public Key part.

Due to this fact, I'm suspending all downloads of DeadBolt.NET, pending a resolution. It may come as early as tonight, possibly not till after Christmas. I'm sorry for the delay, I can't believe that it didn't make it past our tests. A whole heap of thanks goes to Tim Heuer for his assistance. It's good to see some shining positive (yet often quiet) faces out there lending a hand. His help the past few weeks has been invaluable to me.

sometimes a step back is two-steps forward.. hope you come out with a new version soon.. (like the logo that goes with it.. :-)

SBC - Wednesday, December 24, 2003 12:10:00 AM

Good luck Rob. We'll be looking at it when you repost...

Darrell - Wednesday, December 24, 2003 3:07:00 AM

DeadBolt.NET has been re-released.

Robert McLaws - Friday, December 26, 2003 5:58:00 AM

3 Comments