可怜的人序列号生成方案 [英] Poor man serial number generation scheme
问题描述
我想获得一些简单的方案/算法基于一些独特的硬件ID(CPU ID或以太网MAC地址或硬盘序列号)生成的序列号。
I would like to get some simple scheme / algorithm for generating serial numbers based on some unique hardware id (cpu id or ethernet mac address or hard disk serial number).
我想方案的工作仅在一个方向 - 所以客户机上的应用程序可以验证序列号,但是不生成一个。 (所以它不会是简单的破解)。
I would like scheme to work only in one direction - so application on client machine can verify serial number but not generate one. (So it would not be simple to crack).
现在最有可能你们中的大多数会推荐某种形式的RSA公钥/私钥对加密,它可以工作足够可靠 - 客户端没有RSA私钥,所以他不能产生的序列号
Now most probably most of you will recommend some sort of RSA public / private key pair encryption, which can work reliably enough - client does not have private RSA key, so he cannot "generate" serial number.
但随着RSA签名主要问题是,它太大了 - 这是签名的大小是根据RSA密钥大小为128或256字节(的 RSA签名大小?)
But main problem with RSA signature is that it's too big - it's signature size is 128 or 256 bytes depending on RSA key size (RSA signature size?)
- 我想要的序列号是简单的复制粘贴,从邮件到报名表 - 所以最多64个字符,最好是32个字节
好了,现在你可能会说,这种保护不是针对蛮力一种黑客的足够好 - 在这里你只是尝试了所有的组合,以确定正确的序列号
Ok, now you will probably say that this kind of protection is not good enough against brute force kind of hacking - where you simply try out all combinations in order to determine correct serial number.
不过,我要说的是,你通常需要聘请昂贵的黑客或黑客团队打造这样的蛮力破解应用程序。
But I would say that typically you need to hire "expensive" hacker or hacker team to create such brute force cracking application.
此外,我认为这是可以改变的序列号生成算法应用的下一个版本,或者使用多轮次的传球大幅减慢蛮力。
Also I think it's possible to change serial number generation algorithm for next versions of application, or use multi-round passing to slow down brute force dramatically.
为基地我会preFER使用普通C或C ++(不是C#),preferably的Windows / wincrypt.h或任何现有普通的C源代码code(preferably并不大3 -rd第三方库)。
As a base I would prefer to use plain C or C++ (not C#), preferably Windows / wincrypt.h or any existing plain C source code (Preferably not huge 3-rd party libraries).
是否有可能创建RSA公钥/私钥对,以便签名的大小将是长期的32个字符?
Is it possible to create RSA public / private key pair so signature size would be 32 characters long ?
推荐答案
您可能想看看 ECDSA 。
ECDSA的是像RSA公钥算法,但比RSA的一个较短的密钥和签名大小,以提供有效的安全性相同的水平。 ECDSA是基于椭圆曲线加密。无论在RSA和在ECDSA中使用椭圆曲线中使用的整数分解问题减少到离散对数问题,这被认为是难以解决的。
ECDSA is a public key algorithm like RSA, but with a shorter key and signature size than RSA to provide the same level of effective security. ECDSA is based on a elliptic curve cryptography. Both the integer factorization problem used in RSA and elliptic curve used in ECDSA reduce to discrete logarithm problem, which is believed to be difficult to solve.
例如,对于安全级别相同的1024位RSA,估计有保障的约80位,可以使用160位的ECDSA密钥,其产生的320位签名。您可以采用base64 EN code 320位签名成54个字符的字符串或ASCII85 EN code到50个字符的字符串。
For example, for a security level the same as 1024-bit RSA, which is estimated to have approximately 80-bit of security, you can use a 160-bit ECDSA key, which produces a 320-bit signature. You can base64 encode a 320-bit signature into a 54 characters string or ascii85 encode into a 50 characters string.
另外,如果你想保持32字符base64编码,可在数据的最大192位不放,可以使用ECDSA 96位密钥大小。 96位ECDSA的有效强度是48位,这是一般不够强进行适当加密,但在你的情况下,它可能仍然是更容易为攻击者逆向工程程序来删除您的许可证密钥检查,而不是试图生成一个伪造的关键。
Alternatively, if you want to keep 32-characters with base64 encoding, which can hold at most 192-bit of data, you can use ECDSA with 96-bit key size. The effective strength of 96-bit ECDSA is 48-bit, which is generally not strong enough for proper encryption, but in your case it may still be easier for the attacker to reverse engineer the program to remove your license key checks rather than trying to generate a forged key.
这篇关于可怜的人序列号生成方案的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
