Re: how license key is generated?

From: Gary Shannon (gary_at_fiziwig.com)
Date: 03/16/04 

Date: Tue, 16 Mar 2004 02:45:24 GMT

"Paul Rubin" <http://phr.cx@NOSPAM.invalid> wrote in message
news:7x4qsp1w0y.fsf@ruckus.brouhaha.com...
> Tim Smith <reply_in_group@mouse-potato.com> writes:
> > and encrypt using any 128-bit block cipher, with a fixed encryption
> > key. Encode in base 36 as 5 groups of 5 digits, print it, and throw
> > it in the box.
> >
> > The software would then check the key by converting back to a 128-bit
block,
> > decrypting it, and seeing if the resulting plaintext looks like a
keyinfo
> > structure.
>
> Are you saying to embed the secret block cipher key in the software?
> That would let anyone reverse engineer the block cipher key and
> generate unlimited quantities of license keys.

Anyone smart enough to extract the algorithm from the machine code is also
smart enough to simply bypass the check of the regstration number. Like
locks on the doors of your home, this procedure only keeps honest people
honest, but does nothing to stop dishonest people.

BTW: The system I implemented for a friend used base 32 instead of base 36
to avoid the confusion between the digit "0" and the letter "O" as well as
the digit '1' and the letter 'I' which can be conufused in some fonts.

Since its' not terribly secure anyway I just added. base 26, the user name
of the person registering the software to the supplier's product code and
did a 12 character hash something like TK8E-7FTW-HP3M, for example. If a
user wants to give his friend that key he has to give out his own name as
well because the key won't work with a different user name. Not secure, but
adequate for this application.

--gary