I’ve been asked to develop a key generation/validation system for some software. They would also be open to a developed open source or commercial system, but would prefer a system from scratch. Online activation would have to optional, since it is likely that some installations would be on isolated servers. I know there is kind of a user/security complex with a lot of anit-piracy techniques. So I guess I’m asking what software, libraries, and techniques are out there? I would appreciate personal knowledge, web sites, or books.
I’ve been asked to develop a key generation/validation system for some software. They would
Share
If you take the hash of something, it will result (ideally) in an unpredictable string of characters.
You could have an algorithm be to take the SHA1 of something predictable (like sequential numbers) concatenated with a sufficiently long salt. Your keys would be really secure as long as your salt remains a permanent secret and SHA1 is never breached.
For example, if you take the SHA1 of “1” (your first license key) and a super secret salt “stackoverflow8as7f98asf9sa78f7as9f87a7”, you get the key “95d78a6331e01feca457762a092bdd4a77ef1de1”. You could prepend this with version numbers if you want.
If you want online authorization, you need three things:
Public key cryptography can help with items one and two. Even Photoshop CS4 has problems with item 3, that’s a tricky one.