 

What's a good approach for developing a simple serial number generator/verifier?

I'm working on an app I'd like to sell some day -- sooner rather than later! I'd like to develop a reasonably simple serial number scheme to protect it.

  • A simple number/letter combination not more than 25-30 alphanumeric characters long (think Microsoft product keys)
  • Does not require the user to enter any personal information (like an email address) as part of the verification

I've been thinking about this a (very little) bit, and I think public key cryptography is a good place to start. I could generate a string that identifies the license (like SKU + plain ole' integral serial number), hash it, encrypt it, and encode the serial number + identifier into a 25 digit (or so) alphanumeric key. The app would then decode the key into a serial number and "signature", generate an identifier hash, decrypt the "signature" using a corresponding public key and compare it against the generated identifier hash.

Essentially, the product key carries two pieces of data: the serial number the user claims to own plus a signature of sorts the program can use to verify that claim. I don't know if 25 alphanumeric characters (which encode 5 bits each for a realistic total of 120 bits) is enough for all this. But, it doesn't have to be cryptographically secure, just enough that the codes aren't easily guessable. I'm OK with short key lengths and short hashes.

As far as implementation goes, the app is written in Objective-C for Mac OS X, but given how easy it is to inject code into Cocoa apps, I'll probably write the verification code in straight C.

Alex asked Feb 17 '09 23:02



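As an added example (not code from the question or the answer), here is the serial-plus-signature layout the question sketches, worked through in Python so the bit budget can actually be checked. Two things are swapped in and should be read as assumptions of this example. First, the signature is a Schnorr-style (e, s) pair rather than "hash, then encrypt with the private key": an RSA-style signature is as long as its modulus, and a modulus that fits in 125 bits factors instantly, whereas a Schnorr challenge can be truncated. Second, the group parameters are toy-sized (64-bit q, 29-bit challenge, generated at run time with Miller-Rabin) purely so that a 32-bit serial, a 29-bit e and a 64-bit s fill 25 base32 characters exactly. At those sizes a forger needs about 2^29 guesses per key and the private key falls to a 2^32-effort discrete log, which meets the question's "not easily guessable" bar and nothing stronger; a real product would use Ed25519 from a library with a longer key or a shorter serial. Only the standard library is used; the seeded `random` is for reproducibility, and the SKU/licence-number split, the alphabet and the key layout are constructed for the example.

```python
import hashlib
import random

# 25 symbols x 5 bits = 125 bits. The split below is an assumption, not from the
# question: 32-bit serial (8-bit SKU + 24-bit licence number), 29-bit Schnorr
# challenge e, 64-bit response s. Crockford-style base32: no I, L, O or U.
SERIAL_BITS, E_BITS, S_BITS, KEY_CHARS = 32, 29, 64, 25
ALPHABET = "0123456789ABCDEFGHJKMNPQRSTVWXYZ"

def is_probable_prime(n, rng, rounds=32):
    """Miller-Rabin; only used to build the toy-sized group below."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def make_params(seed):
    """Schnorr group: prime q of S_BITS bits, prime p = r*q + 1 (p < 2^97), g of
    order q. A 64-bit q is toy-sized on purpose; real code uses a library curve."""
    rng = random.Random(seed)
    q = rng.getrandbits(S_BITS) | (1 << (S_BITS - 1)) | 1
    while not is_probable_prime(q, rng):
        q = rng.getrandbits(S_BITS) | (1 << (S_BITS - 1)) | 1
    r, p = 2, 2 * q + 1
    while not is_probable_prime(p, rng):
        r = (rng.getrandbits(31) + 1) << 1
        p = r * q + 1
    g = 1
    while g == 1:
        g = pow(rng.randrange(2, p - 1), r, p)
    return p, q, g

def keygen(params, rng):
    """Private x stays with the vendor; public y = g^x ships inside the app."""
    p, q, g = params
    x = rng.randrange(1, q)
    return x, pow(g, x, p)

def _challenge(r_val, serial):
    data = r_val.to_bytes(16, "big") + serial.to_bytes(4, "big")   # p < 2^128
    return int.from_bytes(hashlib.sha256(data).digest(), "big") & ((1 << E_BITS) - 1)

def sign(params, x, serial, rng):
    p, q, g = params
    k = rng.randrange(1, q)
    e = _challenge(pow(g, k, p), serial)
    return e, (k - x * e) % q

def verify(params, y, serial, e, s):
    p, q, g = params
    if not (0 <= serial < 1 << SERIAL_BITS and 0 <= s < q):
        return False
    r_val = pow(g, s, p) * pow(y, e, p) % p      # g^(k - xe) * g^(xe) = g^k
    return _challenge(r_val, serial) == e

def pack_key(serial, e, s):
    """serial | e | s as one 125-bit integer, then 25 base32 chars in groups of 5."""
    v = (serial << (E_BITS + S_BITS)) | (e << S_BITS) | s
    text = "".join(ALPHABET[(v >> (5 * i)) & 31] for i in reversed(range(KEY_CHARS)))
    return "-".join(text[i:i + 5] for i in range(0, KEY_CHARS, 5))

def unpack_key(key):
    """Inverse of pack_key; None for anything malformed (case and dashes are lenient)."""
    text = key.replace("-", "").upper()
    if len(text) != KEY_CHARS or any(c not in ALPHABET for c in text):
        return None
    v = 0
    for c in text:
        v = (v << 5) | ALPHABET.index(c)
    return v >> (E_BITS + S_BITS), (v >> S_BITS) & ((1 << E_BITS) - 1), v & ((1 << S_BITS) - 1)

def check_key(params, y, key):
    """App side: decode and verify; returns the serial on success, else None."""
    parts = unpack_key(key)
    if parts and verify(params, y, *parts):
        return parts[0]
    return None

def demo(seed=1):
    """Vendor side end to end, seeded so it reproduces; real issuance uses SystemRandom."""
    params = make_params(seed)
    rng = random.Random(seed + 1)
    x, y = keygen(params, rng)
    serial = (42 << 24) | 1234                 # constructed: SKU 42, licence number 1234
    key = pack_key(serial, *sign(params, x, serial, rng))
    return {"params": params, "public": y, "serial": serial, "key": key}
```

The app ships `params` and the public `y` and calls `check_key`; only `x` stays with the vendor, so nobody can build a keygen from the binary. This stops keygens, not cracks: the question's own point about injected code applies to `check_key` as much as to anything else in the app, so the verification is better spread through the binary than left as one patchable function.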
1 Answer

I would not use any strong cryptography, since you have to decrypt it in the program anyway, making keygens, or at least cracks, easy to do.

I would do the following: take a, say, 25-digit number. Now add some rules, such as:

  • the number must be divisible by 31
  • it must start and end with the last letter
  • ...

Always generate keys using these rules. Use 20 rules or more (the more the better). When deploying the app, use a smaller number of rules, e.g. 10, to check whether a key is valid. These rules will then be disassembled and used to create a keygen.

On every update, enable one of the rules you didn't use before. If the rules are selected correctly, you will disable most of the keys generated by keygens.

bh213 answered Sep 21 '22 00:09

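The rule-rotation scheme from the answer, as an added example in Python that is not part of the original answer: a fixed list of rule predicates over a 25-digit key, a vendor generator that enforces all of them, a shipped verifier that checks only a subset, and a simulated keygen that knows just the shipped subset. Only "divisible by 31" and the start/end rule come from the answer; the remaining rules, the 5-of-8 split, the rule names and the seeded PRNG are constructed for the demonstration.

```python
import random

# Rule predicates over a 25-digit key string. Only "divisible by 31" and the
# start/end rule are taken from the answer; the others are illustrative choices.
RULES = {
    "ends_same_parity": lambda k: int(k[0]) % 2 == int(k[-1]) % 2,
    "no_double_zero":   lambda k: "00" not in k,
    "middle_even":      lambda k: int(k[12]) % 2 == 0,
    "pos17_gt_pos18":   lambda k: k[17] > k[18],
    "digit_sum_mod4":   lambda k: sum(map(int, k)) % 4 == 1,
    "pos4_pos9_mod3":   lambda k: (int(k[4]) + int(k[9])) % 3 == 0,
    "divisible_by_31":  lambda k: int(k) % 31 == 0,
    "mod7_is_3":        lambda k: int(k) % 7 == 3,
}
ALL_RULES = list(RULES)                    # the vendor's generator enforces every rule
SHIPPED_V1 = ALL_RULES[:5]                 # checks compiled into version 1.0
SHIPPED_V2 = SHIPPED_V1 + ["mod7_is_3"]    # the update turns on one held-back rule


def passes(key, rule_names):
    """Verifier: every named rule must hold (checked in order, cheapest first)."""
    return len(key) == 25 and key.isdigit() and all(RULES[n](key) for n in rule_names)


def generate(rng, rule_names):
    """Rejection-sample random 25-digit strings until one satisfies the rules.
    Fine for an offline vendor tool; an attacker's keygen does exactly the same
    with only the rules recovered from the shipped binary."""
    while True:
        key = "".join(rng.choices("0123456789", k=25))
        if passes(key, rule_names):
            return key


def acceptance_rate(keys, rule_names):
    return sum(passes(k, rule_names) for k in keys) / len(keys)


def simulate(seed=0, n_forged=200):
    """Genuine keys keep working across the update; keygen output mostly stops.
    Seeded PRNGs make the constructed scenario reproducible."""
    vendor, attacker = random.Random(seed), random.Random(seed + 1)
    genuine = [generate(vendor, ALL_RULES) for _ in range(3)]
    forged = [generate(attacker, SHIPPED_V1) for _ in range(n_forged)]
    return {
        "genuine_v1": acceptance_rate(genuine, SHIPPED_V1),
        "genuine_v2": acceptance_rate(genuine, SHIPPED_V2),
        "forged_v1": acceptance_rate(forged, SHIPPED_V1),
        "forged_v2": acceptance_rate(forged, SHIPPED_V2),   # roughly 1 in 7 survive
    }


if __name__ == "__main__":
    print(simulate())
```

Running `simulate()` shows the trade-off the answer describes: the genuine keys survive the update unchanged, while the forged keys all pass version 1.0 and are rejected by version 1.1 in proportion to how selective the newly enabled rule is (here `mod7_is_3`, so about one keygen key in seven still works). A rule with a low chance of being satisfied by accident makes a better reserve than a cosmetic one, and the gain lasts only until the keygen is rebuilt against the new binary; a crack that patches `passes` itself ignores the rules entirely.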