Ask HN: Software Key Generation - Best Practices?
I am a small independent software vendor. When a vendor sells my software to a customers, I want them to visit my web page (PHP/MySQL) to generate a new "Software License Key" that they provide to the customer.
When the customer first starts the application, they enter their Name and Key, and the application "phones home" to validate the key.
I am very interested in recommendations for precisely how to generate they keys, and any common errors or security risks. Obviously, we want to avoid crackers being able to generate fake keys. We also need to prevent crackers getting into the key-generation web site and gaining access to the database, or tricking it into generating new keys (without being an authorized vendor). It would also be nice if there was a way to check (without phoning home) that a key is "probably" valid (such as, it has the right checksum, and is not on a blacklist hard-coded into the latest version).
Any tips and references in this area would be appreciated.
3 comments
[ 3.1 ms ] story [ 11.2 ms ] threadI am assuming that the people won't direct access to this logic in your PHP application. I don't use PHP so don't know if you can pre compile your app.
I am more of a Mac programmer. ... In a Microsoft/Windows/Intel world, ... what would be one (or a few) specific examples of hardware id that would be available on most PCs??
I don't need a detailed explanation. Just a few quick links to online info sources would be a great help.