Generating SALT for Android Licensing

Question

I would like to implement licensing in my app and need some help here.

The sample app has this:

// REPLACE WITH YOUR OWN SALT , THIS IS FROM EXAMPLE
    private static final byte[] SALT = new byte[]{
            -46, 65, 30, -128, -103, -57, 74, -64, 51, 88, -95, -45, 77, -117, -36, -113, -11, 32, -64,
            89
    };

I would like to know do I just change the numbers to some random number or do I have to generate it using SecureRandom?

I came across this code, do I have to set the SALT variable from the clipboard?

Also, does SALT have to be different for every device or same?

Answer 1

A non random salt isn't going to be very secure, in theory someone can generate every combo for your app (however thats unlikely).

I suggest you take a look RSA public key cryptography. You may want to have a look at How to use public encryption to manage licensing on android applications? .

Edit: I was a bit unclear on you question at first, Android: Do the random SALT bytes passed to AESObfuscator need to stay the same? i think is a duplicate that has an answer.

Answer 2

You can put any 20 randomly generated bytes I think you can use the following Generator for this purpose:

http://www.random.org/integers/?num=20&min=0&max=255&col=5&base=10&format=html&rnd=new