Re: [GD-General] serial numbers
Brought to you by:
vexxed72
Menu
▾
▴
Re: [GD-General] serial numbers
|
From: <cas...@ya...> - 2003-05-27 17:13:40
|
Gareth Lewin wrote: > Just make the serial number out of two parts. The first part is a sequential > number, then hash the name and the serial number. But then, given a key, it's quite easy to generate a different one, by changing the sequential number. The validator doesn't know the sequential number of a given serial number beforehand. So, the sequential number cannot be added to the message with the secret and the public data. It has to be mixed with the result of the hash function. But how can I mix the sequence number and the hash in a non-obvios but reversible way? If it's too obvious, anybody can take an existing key, and generate many new keys using the same hash, but a different sequence number. Ignacio Castaño cas...@ya... > -----Original Message----- > From: Ignacio Castaño [mailto:cas...@ya...] > Sent: 27 May 2003 17:37 > To: gam...@li... > Subject: Re: [GD-General] serial numbers > > > J C Lawrence wrote: > > Typical forms I've seen are a one-way hash ala MD5 of the > public data, > > along with a secret. The resultant string (often with > another secret) > > is then digitally signed with the resultant string, > sometimes with a CRC > > or other padding data appended.. The application then verifies the > > signature to check that the key is of valid form, and the > central site > > can check that the key is legit. > > Thanks, I was looking for something like that so, but I still have a > problem. I create a message using the secret and the public data, and > generate the key aplying MD5 to it, so when the user logs in, > he provides > the previous key and the public data. I know the secret, so I > can recompute > the key and validate the key that the user provided. > > MD5 is not trivially reversible, so this seems to work. > However, if two > users have the same name, the keys will also be the same, and > some products > don't requiere an username, so in that case I would have a single key! > > How can I solve that? I'd like to add a random part to the > encoded message, > but then I don't know how to validate it... > > Thanks in advance, > > > Ignacio Castaño > cas...@ya... > > > > > ------------------------------------------------------- > This SF.net email is sponsored by: ObjectStore. > If flattening out C++ or Java code to make your application fit in a > relational database is painful, don't do it! Check out ObjectStore. > Now part of Progress Software. http://www.objectstore.net/sourceforge > _______________________________________________ > Gamedevlists-general mailing list > Gam...@li... > https://lists.sourceforge.net/lists/listinfo/gamedevlists-general > Archives: > http://sourceforge.net/mailarchive/forum.php?forum_id=557 > ------------------------------------------------------- This SF.net email is sponsored by: ObjectStore. If flattening out C++ or Java code to make your application fit in a relational database is painful, don't do it! Check out ObjectStore. Now part of Progress Software. http://www.objectstore.net/sourceforge _______________________________________________ Gamedevlists-general mailing list Gam...@li... https://lists.sourceforge.net/lists/listinfo/gamedevlists-general Archives: http://sourceforge.net/mailarchive/forum.php?forum_idU7 |
