Re: [GD-General] serial numbers
From: Ben C. <be...@gu...> - 2003-05-26 23:43:47
On Tuesday, May 27, 2003, 12:25:20 AM, someone wrote:

[snip]
> I'm sure there is a lot of information about this, and I know that this is
> probably related with encryption and checksum algorithms, but I cannot see
> the exact relation between the two.

You want to generate a sequence (probably trivially obfuscated) containing the username/registration number (as in order number, not unlocking code) or whatever, and then sign it using one of the various public-key crypto algorithms.

That way, you use the private key to generate the signature, and the application can *verify* the signature is valid using the public key, but it is "very hard" (in a provable, mathematical sense) to generate a new valid signature without the private key.

Pick a big enough key-size (for an app like this, where generation/verification time isn't a big issue, go for a large number >=512 bit or so, say), and it becomes basically impossible to break the system without acquiring the private key "directly" (i.e. breaking into your office or whatever) or devoting totally unrealistic amounts of computation time to it.

Er... or inventing a quantum computer, of course, but if someone manages that I imagine cracking shareware registration schemes will be well down their list of "things to do"... <grin>

I'd look up the various open-source crypto libraries that are available - it's possible to "roll your own" cryptography code, but it's very easy to make subtle mistakes that can leave you open to vulnerabilities.

--
Ben Carter - Neko Technologies - be...@gu...
http://www.neko-tech.com/ - http://www.absoluteterror.com/
---------------------------------PGP Key available on request---
"Broken mirror, a million shades of light, the old echo fades away. But just you and I can find the answer, and then we can run to the end of the world."
- Small of two pieces, Xenogears
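
The scheme described in the message above, as an added example that is not part of the original post: the vendor signs the order number and user name with a private key, and the application checks the key with only the public key. Ed25519 from Go's standard library is an assumed choice (the post names no algorithm), and the function names, the "order|name" payload layout and the sample values are hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"encoding/base64"
	"errors"
	"fmt"
	"strings"
)

var enc = base64.RawURLEncoding
var errBadKey = errors.New("invalid license key")

// IssueLicense (vendor side) signs "order|name" and returns
// "<payload>.<signature>", both base64url, as the registration key.
func IssueLicense(priv ed25519.PrivateKey, order, name string) string {
	payload := []byte(order + "|" + name)
	return enc.EncodeToString(payload) + "." + enc.EncodeToString(ed25519.Sign(priv, payload))
}

// VerifyLicense (application side) needs only the public key. It returns
// the signed order number and user name, or an error for any altered key.
func VerifyLicense(pub ed25519.PublicKey, key string) (order, name string, err error) {
	parts := strings.SplitN(key, ".", 2)
	if len(parts) != 2 {
		return "", "", errBadKey
	}
	payload, err1 := enc.DecodeString(parts[0])
	sig, err2 := enc.DecodeString(parts[1])
	if err1 != nil || err2 != nil || !ed25519.Verify(pub, payload, sig) {
		return "", "", errBadKey
	}
	fields := strings.SplitN(string(payload), "|", 2)
	if len(fields) != 2 {
		return "", "", errBadKey
	}
	return fields[0], fields[1], nil
}

func main() {
	pub, priv, err := ed25519.GenerateKey(nil) // nil selects crypto/rand; done once by the vendor
	if err != nil {
		panic(err)
	}
	key := IssueLicense(priv, "ORD-1001", "Alice Example") // constructed sample values
	order, name, err := VerifyLicense(pub, key)
	fmt.Println(key, order, name, err)
}
```

The shipped binary contains `pub` only, so someone who extracts it can check keys but cannot issue new ones.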