If the attacker runs it under an x86 emulator like bochs, they don't need
to sniff the network, just look at memory after it's decrypted. Also, what
I suggested was an attempt to avoid dependence on a network. I'd be pretty
unhappy if I bought something that required a connection to some
authentication server before it would decide to function for me. Going too
far with this risks pissing off people who had no plans to hack the thing,
but dislike the explicit distrust of them. I mean, that's as bad as buying
a DVD and finding out that it's "illegal" to watch it on a GNU system...
You don't want to make your clients feel like you think they're criminals,
or your adversaries.