Looking for a license key algorithm [closed]

Answer 1

I use a system like this:

• create a string from windows licence key + trial period end date

• generate a hash (Sha/md5) from the string

• convert the trial end date to an int (e.g. Number of days)

• the key becomes trial end date + some part of the hash

• convert the key to only uppercase characters to make it easier to enter

ABCD-DEFG-HIJK...

the validation works like

• convert key to bytes again

• extract trial end date

• create string from windows licence key + trial end date

• hash

• compare hash with rest of key

this makes it difficult enough for my audience.

Answer 2

In all honesty, what you're trying to do is pointless. However much time it takes you to write a validation/encryption/key system, estimate roughly half that for someone to break it. Even if you encrypt the final executable. However, as a delaying measure or a way to decrease the chance of people getting premium support for stolen copies, it will help. Also for simple tracking of buyers. Or for fun. :p

Anyway, there are a few ways you can handle it. A lot of software uses name (and possibly company) string(s) and a hash function to generate a key. This has the advantage of being constant (as long as the name is the same, the hash is, and so the key is). It is also a very simple system, especially if you use a well-known hash such as MD5.

hash = md5(name);

Some fancier apps use an internal function to generate a validation code of some sort, and when you combine that and the given name, you can create (and send back) a hash.

validCode = getCode(name);
hash = myHash(name ^ validCode);

A few use a system-based code (Windows is a good example), where it samples bits of hardware and builds an identifier from that. If you can get ahold of the processor name or speed, or anything else, you can run something like that. The only problem is system changes can render a code invalid, so you can either warn your users (and give away part of the process) or let them find out accidentally (not good).

sysID = processor_name() | ram_Speed();
hash = md5(sysID & name);

You can use any combination of hash functions, data gets, string inputs, boolean operations, etc. One thing to consider is you don't need to be able to reverse the process. As long as you can replicate it with the same results (any good hash function can), you can check the hashed results against each other and make sure it's valid. The more you put in, the more complicated it'll be, but the harder it'll be to crack.

Hopefully that helps with your question.

Answer 3

License keys are fairly useless in my honest opinion.
What's to stop your customer from distributing that key to others? Sure you could setup a license key server that records the number of activations but that costs money and what will happen if it goes down or goes away?

In my professional opinion, create a software that is branded uniquely to a user (encrypted inside the program of course). For example, if you goto help -> about of the software then display the person's name, phone, and possibly their address. This way if they upload it to a pirate site of some kind, not only will other people know this guys personal information...but so will you in order to charge him for more licenses or sue him.

Answer 4

The answer is that no, there isn't a secure license key algorithm that doesn't require a mathematical diploma to understand.

The best license keys are the ones digitally signed with an asymmetric encryption algorithm. You sign the key data with a private encryption key and embed the signature in the key, and the key validation (which implies signature verification among other things) is done with a public key. This way, no one can create license keys unless they have access to the private key which is...private. The problem is that there are very few (and difficult) algorithms which have sufficiently short signature sizes to be embedded in a product key. RSA is not one of them (signature size for RSA512 is 1024 bits - too much).

You can check out SoftActivate Licensing SDK it uses elliptic curve cryptography to generate short, digitally signed license keys (C++/C# source code is available).

Answer 5

In matters of security, not reusing a well known and tested algorithm and trying to create your own (lacking mathematical knowledge) is suicidal

Disclosure: I completely lack the mathematical degree to create such algorithm, and being frank, I don't personally know anyone who has it

Answer 6

There is no reliable licensing algorithm. Really. Not even one. For the most popular, most expensive proprietary software you can buy, you can also find "key generators" and hacked versions that don't require licensing.

Instead of worrying about making it "unbreakable", just do something simple. A popular mechanism is to, at purchase, ask for the user's name, and then give him a license key that's derived from a cryptographic hash (e.g. MD5 sum) of the user's name, or some variation on it. Then, in the software you ask for their name again, plus the registration key (that MD5-derived thing); you check to see that they match, which activates the software.

Can this be hacked? Absolutely. Once someone figures out how you're generating the license keys, they can generate their own. But if you keep a database of the "official" license keys you've generated so far, at least you'll be able to identify the fraudsters later on (perhaps when they try to download "premium" content or something).

But don't worry so much about stopping the hackers from cracking your code. It's going to happen, but they're such a tiny part of the market that it won't significantly affect your overall sales.