如何生成软件许可证密钥? [英] How are Software License Keys generated?
问题描述
许可密钥是作为反盗版措施的事实标准。老实说,这使我成为(in)Security Over Obscurity ,虽然我真的不知道如何生成许可证密钥。什么是许可证密钥生成的好(安全)示例?他们使用什么加密原语(如果有)?是消息摘要吗?如果是这样,他们会什么数据哈希?开发人员使用什么方法来使破解者难以构建自己的密钥生成器?
License Keys are the defacto-standard as an anti-piracy measure. To be honest this strikes me as (in)Security Through Obscurity, although I really have no idea how License Keys are generated. What is a good (secure) example of License Key generation? What cryptographic primitive (if any) are they using? Is it a message digest? If so what data would they be hashing? What methods do developers employ to make it difficult for crackers to build their own key generators? How are key generators made?
推荐答案
对于老式CD密钥,这只是一个算法的问题, CD密钥(可以是任何字符串)易于生成并且易于验证,但是有效CD密钥与无效CD密钥的比率如此之小,以至于随机猜测CD密钥不太可能获得有效的密钥。
For old-school CD keys, it was just a matter of making up an algorithm for which CD keys (which could be any string) are easy to generate and easy to verify, but the ratio of valid-CD-keys to invalid-CD-keys is so small that randomly guessing CD keys is unlikely to get you a valid one.
星际争霸生活都使用相同的校验和,其中第13位数字验证第12位数字。因此,您可以输入前12个数字的任何值,并猜测第13个(只有10种可能性),导致臭名昭着的 1234-56789-1234
验证算法是public的,看起来像这样:
The algorithm for verifying is public, and looks something like this:
x = 3;
for(int i = 0; i < 12; i++)
{
x += (2 * x) ^ digit[i];
}
lastDigit = x % 10;
正确的方法
strong> Windows XP 需要相当多的信息,对其加密,并将字母/数字编码放在贴纸上。这允许MS同时验证您的密钥和获得产品类型(家庭,专业等)。此外,它需要在线激活。
完整的算法相当复杂,但在
CORRECT WAY TO DO IT
Windows XP takes quite a bit of information, encrypts it, and puts the letter/number encoding on a sticker. This allowed MS to both verify your key and obtain the product-type (Home, Professional, etc.) at the same time. Additionally, it requires online activation.
The full algorithm is rather complex, but outlined nicely in this (completely legal!) paper, published in Germany.
当然,无论你做什么,除非你是一个人。提供在线服务(如魔兽世界),任何类型的复制保护只是一个摊位:不幸的是,如果任何游戏值得值,有人会打破(或至少绕过) / em> CD-key算法和所有其他版权保护。
Of course, no matter what you do, unless you are offering an online service (like World of Warcraft), any type of copy protection is just a stall: unfortunately, if it's any game worth value, someone will break (or at least circumvent) the CD-key algorithm, and all other copyright protections.
对于在线服务,生活有点简单,因为即使使用二进制文件,你需要验证与他们的服务器,以使任何使用它(例如,有一个WoW帐户)。魔兽世界的CD键算法 - 例如,当购买娱乐时间卡时 - 可能看起来像这样:
For online-services, life is a bit simpler, since even with the binary file you need to authenticate with their servers to make any use of it (eg. have a WoW account). The CD-key algorithm for World of Warcraft - used, for instance, when buying playtime cards - probably looks something like this:
- 生成一个非常大的加密安全随机数。
- 将其存储在我们的数据库中并将其打印在卡片上。
然后,当有人输入游戏时间卡号码时,请检查是否
$ b
对于在线服务,没有理由不使用上述方案;使用其他任何功能都可以引导到问题。
For online services, there is no reason not to use the above scheme; using anything else can lead to problems.
这篇关于如何生成软件许可证密钥?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
