穷人序列号生成方案 [英] Poor man serial number generation scheme
问题描述
我想获得一些简单的方案/算法,用于根据一些独特的硬件ID(cpu id或ethernet mac地址或硬盘序列号)生成序列号。
<我希望方案只能在一个方向上工作 - 所以客户机上的应用程序可以验证序列号,但不能生成一个。 (所以这不是简单的破解)。
现在最可能的大多数人会推荐某种RSA公钥/私钥对加密,这可以很好地工作 - 客户端没有私钥RSA密钥,所以他不能生成序列号。
但RSA签名的主要问题是它太大了 - 它的签名大小是128或256字节,具体取决于RSA密钥大小( RSA签名大小?)
- 我希望序列号是从邮件到注册表单的简单复制粘贴 - 最多64个字符,最好是32个字节。
好的,现在你可能会说这种保护不够强大,不够强悍的黑客 - 你只需要尝试所有的组合来确定正确的序列号。 / p>
但我会说,通常你需要雇佣昂贵的黑客或黑客团队c这种强力破裂应用。
此外,我认为可以更改下一个应用程序版本的序列号生成算法,或者使用多次传递来显着减慢暴力。
作为基础,我更喜欢使用普通的C或C ++(而不是C#),最好是Windows / wincrypt.h或任何现有的普通C源代码(最好不是巨大的3方方库)
是否可以创建RSA公钥/私钥对,因此签名大小将是32个字符长?
您可能需要查看 ECDSA 。
ECDSA是一种公共密钥算法,如RSA,但具有比RSA更短的密钥和签名大小,以提供相同级别的有效安全性。 ECDSA基于椭圆曲线加密。在ECDSA中使用的RSA和椭圆曲线中使用的整数分解问题都减少到离散对数问题,这被认为是难以解决的。
例如,对于安全级别,与估计有大约80位安全性的1024位RSA相同,您可以使用160位ECDSA键,产生320位签名。您可以将64位的签名编码为54位字符串或ascii85编码为50个字符的字符串。
或者,如果要使用base64保留32个字符编码,可以容纳最多192位的数据,您可以使用96位密钥大小的ECDSA。 96位ECDSA的有效实力是48位,通常不够强大,无法正确加密,但在您的情况下,攻击者可能会更容易地将程序反向工程以删除许可证密钥检查,而不是尝试生成伪造的密钥。
I would like to get some simple scheme / algorithm for generating serial numbers based on some unique hardware id (cpu id or ethernet mac address or hard disk serial number).
I would like scheme to work only in one direction - so application on client machine can verify serial number but not generate one. (So it would not be simple to crack).
Now most probably most of you will recommend some sort of RSA public / private key pair encryption, which can work reliably enough - client does not have private RSA key, so he cannot "generate" serial number.
But main problem with RSA signature is that it's too big - it's signature size is 128 or 256 bytes depending on RSA key size (RSA signature size?)
- I want serial number to be simple copy paste from mail to registration form - so maximum 64 characters, ideally 32 bytes.
Ok, now you will probably say that this kind of protection is not good enough against brute force kind of hacking - where you simply try out all combinations in order to determine correct serial number.
But I would say that typically you need to hire "expensive" hacker or hacker team to create such brute force cracking application.
Also I think it's possible to change serial number generation algorithm for next versions of application, or use multi-round passing to slow down brute force dramatically.
As a base I would prefer to use plain C or C++ (not C#), preferably Windows / wincrypt.h or any existing plain C source code (Preferably not huge 3-rd party libraries).
Is it possible to create RSA public / private key pair so signature size would be 32 characters long ?
You might want to check out ECDSA.
ECDSA is a public key algorithm like RSA, but with a shorter key and signature size than RSA to provide the same level of effective security. ECDSA is based on a elliptic curve cryptography. Both the integer factorization problem used in RSA and elliptic curve used in ECDSA reduce to discrete logarithm problem, which is believed to be difficult to solve.
For example, for a security level the same as 1024-bit RSA, which is estimated to have approximately 80-bit of security, you can use a 160-bit ECDSA key, which produces a 320-bit signature. You can base64 encode a 320-bit signature into a 54 characters string or ascii85 encode into a 50 characters string.
Alternatively, if you want to keep 32-characters with base64 encoding, which can hold at most 192-bit of data, you can use ECDSA with 96-bit key size. The effective strength of 96-bit ECDSA is 48-bit, which is generally not strong enough for proper encryption, but in your case it may still be easier for the attacker to reverse engineer the program to remove your license key checks rather than trying to generate a forged key.
这篇关于穷人序列号生成方案的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
