I regularly use a license key method that I've found to be very safe. It
involves the construction of a long string of data such as the computer
name, user name and other metrics that are unique to the machine the product
is to be installed. This long string is used to generate a hash key that is
unique for every installation. In most instances I use a web-service to do
the key generation so that is under the control of my server.
I created a licensing component that uses this hash key to grant or deny
licenses based upon runtime / design time use and I also do horrible stuff
like check for the presence of different sorts of debugger running on the
machine. This licensing component is heavily obfuscated with an obfuscator
that crashes the IL disassemblers and it's guts are also encrypted wherever
possible.
I feel that I can explain this because the heart of the system depends upon
so many factors that go together to create a string of information which
averages about 1000 characters. Hash key cracking systems such as lookup
tables are unreliable past 15 or 20 characters so my strings with all the
weird information I collect are, I think, quite safe.
IMO If anyone has the energy to crack such a variable system as one that is
different for each and every installation, even if it's installed twice on
the same machine, then they are the very low percentage of people who will
be deterred by nothing. I know that a single crack would take an
inordinately long time and the key is so simple to change that a trivial
update on my part will make the hackers have to go through the whole reverse
engineering process again.
--
Bob Powell [MVP]
Visual C#, System.Drawing
Find great Windows Forms articles in Windows Forms Tips and Tricks
http://www.bobpowell.net/tipstricks.htm
Answer those GDI+ questions with the GDI+ FAQ
http://www.bobpowell.net/faqmain.htm
All new articles provide code in C# and VB.NET.
Subscribe to the RSS feeds provided and never miss a new article.
