I have a Windows Mobile app which I will eventually sell. I have used the blowfish algorithm to tie the program to the serial number of the program. It goes like this.
1. Program starts up and reads the serial no of the PDA. The serial no will be 40 characters long like so: F4E2A85A47A093E4E72EE54F37E03B853016BDA5.
2. My program puts this serial no through the blowfish algorithm (using a secret key) and the result must match a licence key that is located in a text file on the Mobile Device.
3. If they both match then the program runs else it shuts down.
Now I am responsible for generating this licence key using the blowfish algorithm and using the same secret key as the Windows Mobile program uses. So to produce the licence key I do the following:
1. Get the serial no from the PDA.
2. Run it through the blowfish algorithm using the same secret key as the Windows Mobile program uses.
3. Store the output in a licence file and copy it to the PDA.
I want to ensure that my method is not flawed and that users will not be able to crack it. If a user sends me the serial no of the PDA and I send them back a licence file, could they look at the two and somehow work out a way to crack it?
For example, here is a typical serial no from a PDA device:
and here is the resultant 'licence' file after it is blowfished:
Can my 'secret key' be cracked from the above two bits of data?
Thanks for any help
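
The generate-and-check flow described in the post, as an added example that is not the poster's code. Python's standard library has no Blowfish, so HMAC-SHA256 stands in as the keyed transform; `SECRET_KEY`, the function names and the second serial are constructed for illustration.

```python
import hashlib
import hmac
import re

# Assumption: placeholder key. In the scheme described, the same key is used by
# the vendor's generator and by the program running on the device.
SECRET_KEY = b"constructed-demo-key"

SERIAL_RE = re.compile(r"[0-9A-F]{40}")

PAGE_SERIAL = "F4E2A85A47A093E4E72EE54F37E03B853016BDA5"   # serial quoted in the post
OTHER_SERIAL = "F4E2A85A47A093E4E72EE54F37E03B853016BDA6"  # constructed second device


def normalise_serial(serial: str) -> str:
    """Trim and upper-case the serial; reject anything that is not 40 hex characters."""
    s = serial.strip().upper()
    if not SERIAL_RE.fullmatch(s):
        raise ValueError("serial must be 40 hexadecimal characters")
    return s


def make_licence(serial: str, key: bytes = SECRET_KEY) -> str:
    """Vendor side: keyed transform of the serial, stored in the licence file."""
    msg = normalise_serial(serial).encode("ascii")
    return hmac.new(key, msg, hashlib.sha256).hexdigest().upper()


def check_licence(device_serial: str, licence_text: str, key: bytes = SECRET_KEY) -> bool:
    """Device side: recompute from the device's own serial and compare with the file."""
    try:
        # The device runs the same keyed routine the vendor uses, so it holds the same key.
        expected = make_licence(device_serial, key)
    except ValueError:
        return False
    supplied = licence_text.strip().upper().encode("ascii", "replace")
    # Constant-time comparison: does not reveal how many leading characters matched.
    return hmac.compare_digest(expected.encode("ascii"), supplied)


if __name__ == "__main__":
    licence = make_licence(PAGE_SERIAL)
    print("licence file contents:", licence)
    print("same device  :", check_licence(PAGE_SERIAL, licence))
    print("other device :", check_licence(OTHER_SERIAL, licence))
```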