Question:
Where can I find tutorials on basic key generation?
ronnocerman
2011-07-04 00:29:50 UTC
I'm planning on designing a game, which I would like to have the ability to "activate".
For this to be done, I would like to...
A: Have the client generate a key based on their computer's MAC address.
B: Have the server generate a key based on the client's key, and then return it to the client.
C: Have the client be able to interpret the server's key and recognize it as a valid response and thus...
D: Activate the software.

I was looking through public/private key encryption, and wanted to write my own encryption algorithm.
Any explanations (preferred) or links are helpful. Thanks!
Three answers:
Shadow Wolf
2011-07-04 02:02:24 UTC
We'll start with your worst sin. DO NOT try to make your own encryption algorithm. I can probably break any algorithm you can "invent". Find the sci.crypt FAQ and the Snake Oil FAQ for some basic info on encryption and why you don't want to make your own.



I have to think on this a bit. The secret sharing algorithm is the key to everything including what encryption algorithms you need if any.



In any case, these are possible results depending on how hard you make the key generation system.



The hacker comes along and changes a jmp instruction with a simple patch to bypass your whole activation scheme. A similar thing happens with embedded keys.



If you designed your own encryption, the hacker comes along and breaks your whole authorization encryption scheme and publishes a key gen program.



You'll probably want to start on these or find some free libraries you can use.



So, FIPS Pub 180 series documents are the Secure Hash Algorithm standard documents. Use Google to find them. By changing a single bit, the output will change almost completely.



You'll want the AES standard as well.



The patent on RSA should be long expired by now.



All that is needed is a secret sharing algorithm that works without me being able to think of a way to bypass it immediately.



(edit)

Ok, here is your answer.

You'll need RSA or Diffie-Hellman public key crypto and at least SHA1.



Client takes the user registration info which may include machine dependent info and hashes it.

The hash and registration info is sent to the registration server.

The server checks and encrypts the hash plus a random salt value using the private key. (2048 bits minimum)

The server sends the encrypted hash back to the client.

The client decrypts the hash using the embedded public key.

If the decrypted hash matches the registration hash, the program is registered and functions.



Problems and weaknesses:

The public key can be patched to an alternate public key. An alternate key gen is then possible.

The resulting data block can be fairly large if it needs to be copied manually.

You'll also need a binary to text converter for manual key entry.

The space needed for the hash and encryption may be prohibitive.

A new registration hash is needed every time to verify it is still on the same machine.

You might want a tampering detection hash of the program to verify its integrity.



There are alternatives, but software protection schemes are never foolproof.



Shadow Wolf.
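
The registration exchange described in the answer above, as an added Go example that is not part of the original post: it uses SHA-256 and a standard RSA-PSS signature (which supplies its own random salt) in place of the "encrypt the hash with the private key" step, and base32 as the binary-to-text conversion. The function names and the sample registration values are assumptions made for illustration.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base32"
	"fmt"
)

// newServerKey makes the 2048-bit key pair; the private half never ships.
func newServerKey() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// requestHash (client): hash registration info plus machine-dependent data.
func requestHash(user, machineID string) []byte {
	h := sha256.Sum256([]byte(user + "\x00" + machineID))
	return h[:]
}

// issueKey (server): sign the hash, then convert binary to text for entry.
func issueKey(priv *rsa.PrivateKey, reqHash []byte) (string, error) {
	sig, err := rsa.SignPSS(rand.Reader, priv, crypto.SHA256, reqHash, nil)
	if err != nil {
		return "", err
	}
	return base32.StdEncoding.EncodeToString(sig), nil
}

// activate (client): recompute the hash here and verify with the embedded public key.
func activate(pub *rsa.PublicKey, user, machineID, key string) bool {
	sig, err := base32.StdEncoding.DecodeString(key)
	if err != nil {
		return false
	}
	return rsa.VerifyPSS(pub, crypto.SHA256, requestHash(user, machineID), sig, nil) == nil
}

func main() {
	priv, err := newServerKey()
	if err != nil {
		panic(err)
	}
	key, _ := issueKey(priv, requestHash("alice@example.com", "00:11:22:33:44:55")) // constructed sample data
	fmt.Println("key length:", len(key))
	fmt.Println("same machine:", activate(&priv.PublicKey, "alice@example.com", "00:11:22:33:44:55", key))
	fmt.Println("other machine:", activate(&priv.PublicKey, "alice@example.com", "66:77:88:99:aa:bb", key))
}
```

The text key comes out at 416 characters for a 2048-bit signature, which is the "fairly large" data block the answer warns about for manual entry. The check is also only as strong as the binary around it: a patched public key or a patched branch on the result of `activate` defeats it, as the answer notes.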
LuisLuiX
2011-07-04 07:52:37 UTC
For serials, usually there is nothing magical about it.



Usually you generate the numbers based on whatever you want, and then you use the last digit as a "check digit".



Check the source; it gives an explanation of how credit cards work. Serials work the same way.
Sajjad Cherghi
2011-07-04 08:04:32 UTC
Here you can find good tutorials:

http://marketplace.tutsplus.com?ref=sajjadcheraghi


This content was originally posted on Y! Answers, a Q&A website that shut down in 2021.