开发简单的序列号生成器/验证器的好方法是什么? [英] What's a good approach for developing a simple serial number generator/verifier?
问题描述
我正在开发一款希望一天销售的应用程序-宜早不宜迟!我想开发一个合理的序列号方案来保护它.
I'm working on an app I'd like to sell some day -- sooner rather than later! I'd like to develop a reasonably simple serial number scheme to protect it.
- 简单的数字/字母组合,长度不超过25-30个字母数字字符(请考虑使用Microsoft产品密钥)
- 不需要用户输入任何个人信息(例如电子邮件地址)作为验证的一部分
我一直在(很少)考虑这一点,并且我认为公钥加密是一个不错的起点.我可以生成一个字符串,用于标识许可证(例如SKU +普通ole的完整序列号),对其进行哈希处理,对其进行加密,然后将序列号+标识符编码为25位(左右)的字母数字键.然后,该应用会将密钥解码为序列号和签名",生成标识符哈希,使用相应的公钥解密签名",并将其与生成的标识符哈希进行比较.
I've been thinking about this a (very little) bit, and I think public key cryptography is a good place to start. I could generate a string that identifies the license (like SKU + plain ole' integral serial number), hash it, encrypt it, and encode the serial number + identifier into a 25 digit (or so) alphanumeric key. The app would then decode the key into a serial number and "signature", generate an identifier hash, decrypt the "signature" using a corresponding public key and compare it against the generated identifier hash.
本质上,产品密钥包含两段数据:用户声称拥有的序列号以及程序可以用来验证该声明的各种签名.我不知道25个字母数字字符(每个编码5位,实际总共120位)是否足以满足所有需求.但是,它不必一定是加密安全的,仅需保证代码不容易被猜中即可.我可以使用较短的密钥长度和较短的哈希值.
Essentially, the product key carries two pieces of data: the serial number the user claims to own plus a signature of sorts the program can use to verify that claim. I don't know if 25 alphanumeric characters (which encode 5 bits each for a realistic total of 120 bits) is enough for all this. But, it doesn't have to be cryptographically secure, just enough that the codes aren't easily guessable. I'm OK with short key lengths and short hashes.
就实施而言,该应用程序是用Mac OS X的Objective-C编写的,但是考虑到将代码注入Cocoa应用程序有多么容易,我可能会用直接C语言编写验证代码.
As far as implementation goes, the app is written in Objective-C for Mac OS X, but given how easy it is to inject code into Cocoa apps, I'll probably write the verification code in straight C.
推荐答案
我不会使用任何强大的加密技术,因为无论如何您都必须在程序中对其进行解密,这使得密钥生成或至少破解变得容易.
I would not use any strong cryptography, since you have to decrypt it in program anyways, making keygens or at least cracks easy to do.
我将执行以下操作-以25位数字表示.现在添加一些规则,例如: -数字必须被31整除 -它必须以最后一个字母开头和结尾 ...
I would do the following - take a, say, 25 digit number. Now add some rules, such as: - number must be divisible by 31 - it must start and end with the last letter ...
始终使用这些规则生成密钥.使用20条或更多规则(越多越好).部署应用程序时,请使用较少数量的规则,例如10检查密钥是否有效. 这些规则将被取消设置并用于创建密钥生成器.
Always generate keys using these rules. Use 20 rules or more (more the better). When deploying the app, use smaller number of rules, e.g. 10 to check if key is valid. These rules will then be disassemled and used to create keygen.
在每个更新上启用以前未使用的规则之一.如果正确选择了规则,则将禁用由密钥生成器生成的大多数密钥.
On every update enable one of the rules you didn't use before. If rules are selected correctly, you will disable most of keys generated by keygens.
这篇关于开发简单的序列号生成器/验证器的好方法是什么?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
