Best Practices: Generating Serial Numbers which contain informations?

Hot Topic

C# oriented object programming - Collection of objects
Check conflict before update datas using a DataAdapter ?
Converting a VS 2003 solution to VS 2005
Need help! User added to my PC, ASP.Net Machines A's What is this??
IEnumerable and IEnumerable<T>
Access deny on IpcChannel
Strange construct in template code
TableAdapter Update problem
Can XmlWriter validate against schema also? (.NET 2.0)
XmlTextReader

.NET Development

SMTPClient do not send authorisation properly
How to unload DLL files that are in use.
Trace.Writeline skipped
Conditional Merging in DataTables
How to unload DLL files that are in use.
Database explorer and oledb connections
Deployment Problem with VS 2003 VB .NET
Login to website?
WebBrowser - text only
visual web developer 2005 express edition

Best Practices: Generating Serial Numbers which contain informations?

Hello Forum Users,


i am working on a Software which can be registered by people and companies for variable period like 3 months, 6 months or one year and so on.

For example, we receive the order from company X, purchasing the software license for 6 Months.

Now we would like to use our own Serial number generator and pass in the name of the company and the period and generate a serial number, which will be delivered to the customer by e-mail, phone, fax, letter etc.

We would like to be able to show the information on the customers screen (so that he hardly would like to use someone else key), and be able to disable software functions after the given period. i guess, the key should also contain a hidden date field to pervent using the same key by re-installing the application after this period.

We were able to store the information in an object, then serialize it and maybe encrypt it, which is also a quite easy solution, but the serial key was much to long! starting somewhere beyond 60-80 characters. People receive the key not only by e-Mail (so they could copy-paste it) but often by phone or fax. This is unreasonable for the customers to read and type in an 80 character long key code.

So we though, we could use a common format, like:

FFFF-FFFF-FFFF-FFFF-FFFF-FFFF


I guess up to 32 bits (UUID/GUID Format ) would be ok.


Any ideas how this could be still possible

Thanks in Advance!

Answer this question

Best Practices: Generating Serial Numbers which contain informations?

  • Mrv

    Welcome to the wonderful world of algorithms :)

    I doubt anyone has their own you can use (plus if its public it defeats the point). Assuming it doesnt have to be really secure just think one up.

    i.e
    [code]
                    DateTime datetime = DateTime.Now();
                    String coName = "Random Company";
                    String serial = datetime.ToString() + coName;
                    for(int i=0;i<serial.Length;i++)
                    {
                        switch serialIdea
                        {
                            case 'a':
                                serialIdea = 'l';
                                break;
                            case 'e':
                                serialIdea = 'k';
                                break;
                            case 'l':
                                serialIdea = 'a';
                                break;
                            case 'k':
                                serialIdea = 'e';
                        }
                    }
    [/code]

    Idea = [ i ]

    that replaces the a with ls and the e's with k's.
    That will actually also decrypt an encrypted serial, but most encryptions need a complementary decryption function :).

    Anything you get from the public domain  is inherently insecure and someone else can get it and use it to decrypt and make their own keys.


  • Jesse Johnston

    If you want to produce GUID keys you can use the uuidgen.exe tool included with VS.

  • Jim in NoVA

    You don't really store information in serial number or at the least you store the very minimum (maybe the date the serrial will end) and then the user can insert their own name/email/phone after the validation of the serial is done (if it's a web app, it can be done on the web).

    Serial number were ment to be auto-generated whith a 'sercret' mathematical function to validate it.

    ex: if the first number + the last number = 10 then it's a valid serial number and ignore the other number (they are there just to confuse hacker).



  • Pink Triangles

    "ex: if the first number + the last number = 10 then it's a valid serial number and ignore the other number (they are there just to confuse hacker)."

    I like that so simple approach a lot Big Smile thanks for the idea Idea, sometimes we are just thinking too complicated, don't we ;)

  • msbhvn

    This is probably a fairly difficult problem.

    32 bits for an encryption key would not allow you to have very strong encryption.  If I recall, DES uses a 56-bit key size, and most people consider it too weak to use today.  56 bits is probably the bare minimum you could get away with (but I wouldn't recommend it).

       There may be a way to get this to work, but the probability is it will not be very robust.  I'm sure someone with more crypto background could shed more light on this...

  • 超初心者

    Thanks for your hints! Its not the most essential thing for us to get it very secure. We know that almost anything can by bypassed if the person really wants to and has some knowledge.

  • kmeyer

    Thanks but this doesnt answer my question. Its very easy to generate a random code, but the problem is to seed some "hidden" information into it.
  • Best Practices: Generating Serial Numbers which contain informations?
Answer this question