Home page logo
/

basics logo Security Basics mailing list archives

Re: hash function for creating an activation code
From: Ali Asghar Toraby Parizy <aliasghar.toraby () gmail com>
Date: Tue, 10 Nov 2009 20:01:24 +0330

Hi
thanks for you replies
If i concatenate request code and a preselected constant string
,indeed i implemented a simple KDF? Do i understand KDF concept?
I think it is a sharp way to cheat who want to find hashing method. He
will goes to blind alley. Do you agree with me?
How long does it take for a hacker to discover hashing method and KDF?

On Mon, Nov 9, 2009 at 10:43 PM, Shailesh Rangari <shailesh.sf () gmail com> wrote:
The most simple and obvious way of accomplishing this would be to
concatenate the 'Unique Number' with a 'Username' and generate a hash of
this string that could further be used to generate some sort of 'Activation
Code'. You can use the SHA-1 family of hash generators for added security.
But from the point of reverse engineering your software, it could be easy
for a potential adversary to generate your license keys assuming he/she
discovers 'What' unique hex numbers your software is extracting from the
network adapters of a hosts computer.
Perhaps 'Key Derivation Functions' would best suite your requirements.
-Shailesh
On Mon, Nov 9, 2009 at 1:36 PM, Ali Asghar Toraby Parizy
<aliasghar.toraby () gmail com> wrote:

hi
I want to create a license file for my program
I have created a function that extract unique hex number of each network
adapters of host computer
When activation wizard starts, this unique number has been sent to a
server
as a request code. Now i need a hash function that mix this number with a
user name and return a new code as an activation code to user.
So please suggest a hash function
request code is a string like this:
-------------------
"

000272B0002600FFD924114B0008C9A20DE70001027CC602002215FE0E9B005056C0000100=

5056C0000800000000000000E000000000000000E000000000000000E000000000000000E00=

0000000000000E000000000000000E000000000000000E000000000000000E0000000000000=

00E000000000000000E000000000000000E000000000000000E000000000000000E00000000=

0000000E000000000000000E000000000000000E000000000000000E000000000000000E000=

000000000000E000000000000000E000000000000000E000000000000000E00000000000000=

0E000000000000000E000000000000000E000000000000000E000000000000000E000000000=

000000E000000000000000E000000000000000E000000000000000E000000000000000E0000=
00000000000E000000000000000E0"
-------------------
and a user name may be "aliasghar.toraby () gmail com"
thanks for any help

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL
certificate.  We look at how SSL works, how it benefits your company and how
your customers can tell if a site is secure. You will find out how to test,
purchase, install and use a thawte Digital Certificate on your Apache web
server. Throughout, best practices for set-up are highlighted to help you
ensure efficient ongoing management of your encryption keys and digital
certificates.


http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------




------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]