AthlonRob

So I want to built a 'feature' into my application, where the user has to type in a code (from me) every 14 days or so. If they don't, the program doesn't work. Essentially, make it kind of like shareware, but not really.

The piece of the puzzle i am missing, is the key generator. How can I make one (or find one to use) that will generate a key that can be recognized by both the software and myself?

lordofduct

what kind of key do you want? Cryptography covers a large portion of encryption of which keys is a VERY large group. Not only are there millions of different algorithms, but there's many different designs to how they act.

Basically what I'm asking is how does your implementation expect the "key" to act? This will slim down your area of choice significantly, and maybe then we can help you.

Otherwise I'd go and research all the different encryption methods out there and get an idea of what is easy enough for you to pull off while being strong enough to meet your needs, and having the active design that acts like you expect.

AthlonRob

It's not so much cryptography as it is, handling a user response. What I did was use a msgbox prompting the user to enter a code. Let's say my program knows the code is the day of the month (1-31). If the user does not enter the correct code (i.e. the correct day of the month) then I just pop up a message saying it's the wrong code, and exit the application.

What I implemented was a little more sophisticated than that, but that's what I meant by my question. Thanks for taking the time to respond!

igloo iguana

Whats wrong with the way you are currently using it?
Why do you want a key generator?

NFITC1

I've made key generators before and lordofduct is right. There are tons of ways to encrypt things so I can't give you any specifics on "right or wrong" ways to do it. You'll probably want to base it on a number of unique things though.

Depending on if you don't want them to enter the same key over and over again (probably not) then you could make the date part of the way you create this key. Be careful about using the date though. Depending on when they try to validate their key an accurate result could be way off. Imagine they enter the key at exactly 1 processor tick before New Year's Day. The date could change between when your program creates the key to compare it to and when the user enters it.
If your user has to enter their name you could use that as part of the create of the key too.
If you want your user to use it per machine you could get a piece of hardware code off of something like the hard drive (I don't know how to do that) or MAC address and use THAT as part of the key too.

Basically, take all the data you want to use to uniquely identify your user's instance, concatenate it however you'd like, and encrypt it. Encrypting is usually not more complicated than taking all the bits in the data and sorting them around in different places. The order is up to you. Or you could do some sort of lossless compression on them. Ciphers are an option, but easily crackable.

AtmaWeapon

Guys, I might be interpreting it wrong, but I read post #3 as:
"I came up with a solution to the problem that works for me, thanks for the offer of help, though!"

I agree that his solution as explained is not very secure, but this may be intentional. Developer vs. cracker is a game of cat vs. mouse where there are 1 million mice and 1 cat. The simplest piracy scheme might only bat away 10% of potential freeloaders, but that can add up to a lot of money. A more complicated scheme might prevent 20% of piracy, but cost a week or so to implement. Preventing 80% of piracy might require weeks of implementation and the purchase of dedicated servers to provide activation services, along with key generators and support staff for people without constant internet connections.

The correct solution is the one that prevents the largest amount of piracy without disrupting the development cycle of the product. Customers won't appreciate it if their bugs go unfixed because you were implementing a key generator. Every second spent on the key generator is a second not spent on fixing bugs or introducing new features. Lack of features and prevalence of bugs can remove the guilt people associate with pirating the software.

TL;DR:
I think he's already solved his problem. It's not the most secure solution ever, but piracy control is a losing game and locks keep honest people honest.

AthlonRob

I did already solve my problem using a method similar to what I posted. The actual algorithm I use is much more difficult than 'the day of the month'. I think Atma said it best, while I may not have the best user code generating system out there, it will work well enough for me and the circumstances of my application.