Security Basics
Re: hash function for creating an activation code Nov 10 2009 04:31PM
Ali Asghar Toraby Parizy (aliasghar toraby gmail com)
Hi
Thanks for your replies.
If I concatenate the request code and a preselected constant string,
have I indeed implemented a simple KDF? Do I understand the KDF concept?
I think it is a sharp way to cheat anyone who wants to find the hashing method. He
will go down a blind alley. Do you agree with me?
How long does it take for a hacker to discover the hashing method and KDF?

On Mon, Nov 9, 2009 at 10:43 PM, Shailesh Rangari <shailesh.sf (at) gmail (dot) com [email concealed]> wrote:
> The most simple and obvious way of accomplishing this would be to
> concatenate the 'Unique Number' with a 'Username' and generate a hash of
> this string that could further be used to generate some sort of 'Activation
> Code'. You can use the SHA-1 family of hash generators for added security.
> But from the point of reverse engineering your software, it could be easy
> for a potential adversary to generate your license keys assuming he/she
> discovers 'What' unique hex numbers your software is extracting from the
> network adapters of a host's computer.
> Perhaps 'Key Derivation Functions' would best suit your requirements.
> -Shailesh
> On Mon, Nov 9, 2009 at 1:36 PM, Ali Asghar Toraby Parizy
> <aliasghar.toraby (at) gmail (dot) com [email concealed]> wrote:
>>
>> Hi
>> I want to create a license file for my program.
>> I have created a function that extracts the unique hex number of each network
>> adapter of the host computer.
>> When the activation wizard starts, this unique number is sent to a server
>> as a request code. Now I need a hash function that mixes this number with a
>> user name and returns a new code as an activation code to the user.
>> So please suggest a hash function.
>> The request code is a string like this:
>> and a user name may be "aliasghar.toraby (at) gmail (dot) com [email concealed]"
>> thanks for any help
>>
>
>
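
The scheme discussed in this thread, as an added example that is not part of the original posts: the unkeyed hash of 'request code + user name' beside a keyed variant. It swaps the SHA-1 concatenation for HMAC-SHA256 over a length-prefixed encoding. Assumptions: the key, the function names and the sample values are constructed for illustration, and the key is held and checked only on the activation server, since a constant embedded in the client can be recovered by reverse engineering as the quoted reply notes.

```python
import hashlib
import hmac

# Constructed placeholder; assumed to live only on the activation server.
SERVER_KEY = b"example-server-side-secret-not-shipped-in-client"


def naive_code(request_code: str, username: str) -> str:
    """Approach from the thread: unkeyed SHA-1 of the plain concatenation."""
    digest = hashlib.sha1((request_code + username).encode()).hexdigest()
    return digest[:20].upper()


def _encode(request_code: str, username: str) -> bytes:
    """Length-prefix each field so ('AB', 'C') and ('A', 'BC') encode differently."""
    parts = [request_code.upper().encode(), username.strip().lower().encode()]
    return b"".join(len(p).to_bytes(4, "big") + p for p in parts)


def activation_code(key: bytes, request_code: str, username: str) -> str:
    """Keyed code: HMAC-SHA256 truncated to 20 hex chars, grouped as XXXXX-XXXXX-..."""
    tag = hmac.new(key, _encode(request_code, username), hashlib.sha256).hexdigest()
    code = tag[:20].upper()
    return "-".join(code[i:i + 5] for i in range(0, 20, 5))


def verify(key: bytes, request_code: str, username: str, code: str) -> bool:
    """Recompute the code and compare in constant time."""
    expected = activation_code(key, request_code, username)
    return hmac.compare_digest(expected.encode(), code.strip().upper().encode())


if __name__ == "__main__":
    # Constructed sample inputs, not the request code from the post.
    rc, user = "000272B0002600FF", "user@example.com"
    code = activation_code(SERVER_KEY, rc, user)
    print("activation code:", code)
    print("valid for this user:", verify(SERVER_KEY, rc, user, code))
    print("valid for other user:", verify(SERVER_KEY, rc, "other@example.com", code))
    # Plain concatenation is ambiguous: two different (code, name) pairs collide.
    print("naive collision:",
          naive_code("00AB", "Calice") == naive_code("00ABC", "alice"))
```
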

Copyright 2009, SecurityFocus