Re: hash function for creating an activation code

[Ali Asghar Toraby Parizy <aliasghar.toraby () gmail com>]

Hi
thanks for you replies
If i concatenate request code and a preselected constant string
,indeed i implemented a simple KDF? Do i understand KDF concept?
I think it is a sharp way to cheat who want to find hashing method. He
will goes to blind alley. Do you agree with me?
How long does it take for a hacker to discover hashing method and KDF?

On Mon, Nov 9, 2009 at 10:43 PM, Shailesh Rangari <shailesh.sf () gmail com> wrote:
> The most simple and obvious way of accomplishing this would be to
> concatenate the 'Unique Number' with a 'Username' and generate a hash of
> this string that could further be used to generate some sort of 'Activation
> Code'. You can use the SHA-1 family of hash generators for added security.
> But from the point of reverse engineering your software, it could be easy
> for a potential adversary to generate your license keys assuming he/she
> discovers 'What' unique hex numbers your software is extracting from the
> network adapters of a hosts computer.
> Perhaps 'Key Derivation Functions' would best suite your requirements.
> -Shailesh
> On Mon, Nov 9, 2009 at 1:36 PM, Ali Asghar Toraby Parizy
> <aliasghar.toraby () gmail com> wrote:
> > hi
> > I want to create a license file for my program
> > I have created a function that extract unique hex number of each network
> > adapters of host computer
> > When activation wizard starts, this unique number has been sent to a
> > server
> > as a request code. Now i need a hash function that mix this number with a
> > user name and return a new code as an activation code to user.
> > So please suggest a hash function
> > request code is a string like this:
> > -------------------
> > "
> >
> > 000272B0002600FFD924114B0008C9A20DE70001027CC602002215FE0E9B005056C0000100=
> >
> > 5056C0000800000000000000E000000000000000E000000000000000E000000000000000E00=
> >
> > 0000000000000E000000000000000E000000000000000E000000000000000E0000000000000=
> >
> > 00E000000000000000E000000000000000E000000000000000E000000000000000E00000000=
> >
> > 0000000E000000000000000E000000000000000E000000000000000E000000000000000E000=
> >
> > 000000000000E000000000000000E000000000000000E000000000000000E00000000000000=
> >
> > 0E000000000000000E000000000000000E000000000000000E000000000000000E000000000=
> >
> > 000000E000000000000000E000000000000000E000000000000000E000000000000000E0000=
> > 00000000000E000000000000000E0"
> > -------------------
> > and a user name may be "aliasghar.toraby () gmail com"
> > thanks for any help
> >
> > ------------------------------------------------------------------------
> > Securing Apache Web Server with thawte Digital Certificate
> > In this guide we examine the importance of Apache-SSL and who needs an SSL
> > certificate.  We look at how SSL works, how it benefits your company and how
> > your customers can tell if a site is secure. You will find out how to test,
> > purchase, install and use a thawte Digital Certificate on your Apache web
> > server. Throughout, best practices for set-up are highlighted to help you
> > ensure efficient ongoing management of your encryption keys and digital
> > certificates.
> >
> >
> > http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
> > ------------------------------------------------------------------------

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------