Best Practices: Generating Serial Numbers which contain informations?

Hot Topic

Text alignment in Listbox, and Textfile, for printing.
problems integrating java web services in .net 2005
ViewState
Problems with .NET (Console aplication)
about sending mail with user auth.
Join 2 tables from 2 different databases in ADO.net
MDAC SDK Conformance testing & .NET!
How to use Membership & Role Provider in Windows App?
Creating Typed Dataset in Web Service using Visual Web Developer 2005 Express Edition
Debuggin A DataSet

.NET Development

Convert C# to VB
access permission probelms. HELP ME!!!
Security Problems
Dynamic invoking and enumerations and indexes
Help declaring Configuration converters
obtain phisically connected printer information under .net
SslStream fails - switch to plain sockets...
adding properties to a form so that the properties appear in the property window
Concurrency Violation When Updating MS Access Db
Security Errors running program on a share

Best Practices: Generating Serial Numbers which contain informations?

Hello Forum Users,


i am working on a Software which can be registered by people and companies for variable period like 3 months, 6 months or one year and so on.

For example, we receive the order from company X, purchasing the software license for 6 Months.

Now we would like to use our own Serial number generator and pass in the name of the company and the period and generate a serial number, which will be delivered to the customer by e-mail, phone, fax, letter etc.

We would like to be able to show the information on the customers screen (so that he hardly would like to use someone else key), and be able to disable software functions after the given period. i guess, the key should also contain a hidden date field to pervent using the same key by re-installing the application after this period.

We were able to store the information in an object, then serialize it and maybe encrypt it, which is also a quite easy solution, but the serial key was much to long! starting somewhere beyond 60-80 characters. People receive the key not only by e-Mail (so they could copy-paste it) but often by phone or fax. This is unreasonable for the customers to read and type in an 80 character long key code.

So we though, we could use a common format, like:

FFFF-FFFF-FFFF-FFFF-FFFF-FFFF


I guess up to 32 bits (UUID/GUID Format ) would be ok.


Any ideas how this could be still possible

Thanks in Advance!

Answer this question

Best Practices: Generating Serial Numbers which contain informations?

  • Leonard Kleinow

    "ex: if the first number + the last number = 10 then it's a valid serial number and ignore the other number (they are there just to confuse hacker)."

    I like that so simple approach a lot Big Smile thanks for the idea Idea, sometimes we are just thinking too complicated, don't we ;)

  • JohnGTN

    Welcome to the wonderful world of algorithms :)

    I doubt anyone has their own you can use (plus if its public it defeats the point). Assuming it doesnt have to be really secure just think one up.

    i.e
    [code]
                    DateTime datetime = DateTime.Now();
                    String coName = "Random Company";
                    String serial = datetime.ToString() + coName;
                    for(int i=0;i<serial.Length;i++)
                    {
                        switch serialIdea
                        {
                            case 'a':
                                serialIdea = 'l';
                                break;
                            case 'e':
                                serialIdea = 'k';
                                break;
                            case 'l':
                                serialIdea = 'a';
                                break;
                            case 'k':
                                serialIdea = 'e';
                        }
                    }
    [/code]

    Idea = [ i ]

    that replaces the a with ls and the e's with k's.
    That will actually also decrypt an encrypted serial, but most encryptions need a complementary decryption function :).

    Anything you get from the public domain  is inherently insecure and someone else can get it and use it to decrypt and make their own keys.


  • CraigCody

    Thanks for your hints! Its not the most essential thing for us to get it very secure. We know that almost anything can by bypassed if the person really wants to and has some knowledge.

  • Jim Fafrak

    Thanks but this doesnt answer my question. Its very easy to generate a random code, but the problem is to seed some "hidden" information into it.

  • Lucky Tiger

    This is probably a fairly difficult problem.

    32 bits for an encryption key would not allow you to have very strong encryption.  If I recall, DES uses a 56-bit key size, and most people consider it too weak to use today.  56 bits is probably the bare minimum you could get away with (but I wouldn't recommend it).

       There may be a way to get this to work, but the probability is it will not be very robust.  I'm sure someone with more crypto background could shed more light on this...

  • Maruis Marais

    If you want to produce GUID keys you can use the uuidgen.exe tool included with VS.

  • drave

    You don't really store information in serial number or at the least you store the very minimum (maybe the date the serrial will end) and then the user can insert their own name/email/phone after the validation of the serial is done (if it's a web app, it can be done on the web).

    Serial number were ment to be auto-generated whith a 'sercret' mathematical function to validate it.

    ex: if the first number + the last number = 10 then it's a valid serial number and ignore the other number (they are there just to confuse hacker).



  • Best Practices: Generating Serial Numbers which contain informations?
Answer this question