RE: [GD-General] serial numbers
From: Gareth L. <GL...@cl...> - 2003-05-27 17:21:21
Hmm, say (for argument's sake) that your hash is 12 characters. The sequential number is 4 characters.

My name is Gareth Lewin, the code you give me is 0001-2486-2546-1356

2486-2546-1356 is the hash of "Gareth Lewin 0001"

If another Gareth Lewin registered your product, you create the hash for "Gareth Lewin 002" and say that is 4532-5634-1867, so his key is 0002-4532-5634-1867

Of course you need to make sure your hash function generates vastly different values for "Gareth Lewin 001" and "Gareth Lewin 002"

You can do that by taking the 4 digits as a hex number and xoring "Gareth Lewin" with it and hashing.

So you generate a hash for "Gareth Lewin" xored (each 4 chars) by 0001 etc.

This would work nicely if (and that's the case you describe) the hash function runs on a remote machine. This stuff won't work really well on the client's machine.

Another idea is to have 255 or more secrets (you can just take a dictionary, randomise it and use that as the secret table), then the sequential number is just the index into the table.

> -----Original Message-----
> From: Ignacio Castaño [mailto:cas...@ya...]
> Sent: 27 May 2003 18:18
> To: gam...@li...
> Subject: Re: [GD-General] serial numbers
>
>
> Gareth Lewin wrote:
> > Just make the serial number out of two parts. The first part is a
> > sequential number, then hash the name and the serial number.
>
> But then, given a key, it's quite easy to generate a different one, by
> changing the sequential number.
>
> The validator doesn't know the sequential number of a given serial number
> beforehand. So, the sequential number cannot be added to the message with
> the secret and the public data. It has to be mixed with the result of the
> hash function. But how can I mix the sequence number and the hash in a
> non-obvious but reversible way?
>
> If it's too obvious, anybody can take an existing key, and generate many new
> keys using the same hash, but a different sequence number.
>
>
> Ignacio Castaño
> cas...@ya...
>
>
> > -----Original Message-----
> > From: Ignacio Castaño [mailto:cas...@ya...]
> > Sent: 27 May 2003 17:37
> > To: gam...@li...
> > Subject: Re: [GD-General] serial numbers
> >
> >
> > J C Lawrence wrote:
> > > Typical forms I've seen are a one-way hash ala MD5 of the public data,
> > > along with a secret. The resultant string (often with another secret)
> > > is then digitally signed with the resultant string, sometimes with a CRC
> > > or other padding data appended. The application then verifies the
> > > signature to check that the key is of valid form, and the central site
> > > can check that the key is legit.
> >
> > Thanks, I was looking for something like that so, but I still have a
> > problem. I create a message using the secret and the public data, and
> > generate the key applying MD5 to it, so when the user logs in, he provides
> > the previous key and the public data. I know the secret, so I can recompute
> > the key and validate the key that the user provided.
> >
> > MD5 is not trivially reversible, so this seems to work. However, if two
> > users have the same name, the keys will also be the same, and some products
> > don't require a username, so in that case I would have a single key!
> >
> > How can I solve that? I'd like to add a random part to the encoded message,
> > but then I don't know how to validate it...
> >
> > Thanks in advance,
> >
> >
> > Ignacio Castaño
> > cas...@ya...
>
> _______________________________________________
> Gamedevlists-general mailing list
> Gam...@li...
> https://lists.sourceforge.net/lists/listinfo/gamedevlists-general
> Archives:
> http://sourceforge.net/mailarchive/forum.php?forum_id=557
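Added example, not part of the original thread or any poster's code: a sketch of the server-side scheme discussed above, where the key is a 4-character sequence number followed by a 12-character keyed hash of the name and that number. It assumes HMAC-SHA256 in place of the MD5-plus-secret construction mentioned in the thread; the secret, the function names and the hex key alphabet are all constructed for illustration.

```python
import hashlib
import hmac

# Constructed demo secret; in the scheme discussed it never leaves the server.
SECRET = b"constructed-demo-secret"
HEX = set("0123456789ABCDEF")


def _tag(name: str, seq: int, secret: bytes) -> str:
    # The fixed-width sequence number comes first, so (seq, name) pairs
    # cannot be confused with one another inside the MAC input.
    msg = seq.to_bytes(2, "big") + name.encode("utf-8")
    # Truncated to 12 hex chars (48 bits) to match the thread's key layout.
    return hmac.new(secret, msg, hashlib.sha256).hexdigest().upper()[:12]


def make_key(name: str, seq: int, secret: bytes = SECRET) -> str:
    if not 0 <= seq <= 0xFFFF:
        raise ValueError("sequence number must fit in 4 hex digits")
    tag = _tag(name, seq, secret)
    return "-".join([f"{seq:04X}", tag[0:4], tag[4:8], tag[8:12]])


def validate_key(name: str, key: str, secret: bytes = SECRET) -> bool:
    parts = key.strip().upper().split("-")
    if len(parts) != 4 or any(len(p) != 4 or not set(p) <= HEX for p in parts):
        return False
    # The sequence number is read from the key itself, then bound by the MAC.
    expected = _tag(name, int(parts[0], 16), secret)
    return hmac.compare_digest("".join(parts[1:]).encode(), expected.encode())


def swap_sequence(key: str, new_seq: int) -> str:
    # The concern raised in the thread: keep the hash part, change the number.
    return f"{new_seq:04X}" + key[4:]


if __name__ == "__main__":
    first = make_key("Gareth Lewin", 1)
    second = make_key("Gareth Lewin", 2)
    print(first, validate_key("Gareth Lewin", first))
    print(second, validate_key("Gareth Lewin", second))
    swapped = swap_sequence(first, 2)
    print(swapped, validate_key("Gareth Lewin", swapped))
```

Because the sequence number is an input to the keyed hash, it can sit in the key in the clear: a key whose number has been changed no longer matches the recomputed tag. This holds only while the secret stays on the validating server.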