IncognitoMan

Unique Crypting Method

Hello guys,
I need a crypting method that will convert a string into a crypted one. I searched the google and found things like md5, but even a kid can break it. I need a method in which I can insert some kind of a decrypting password, so that to write a function with a parameter of this password.

I know that there are this kind of methods, but the idea is that the crypted string needs to be short. For example if I crypt a ten chars long string the crypted should be a maximum of 15-20 chars. I need this function in order to generate serial numbers that are made by a unique hardware ID and the period of time for which the program can be used. The serial number needs to be short in order to be dictated by the phone.
Infinity08

>> I searched the google and found things like md5

MD5 is a hashing algorithm. It does not encrypt.


>> but even a kid can break it.

Heh. That's not true. The MD5 algorithm is not reversible, and breaking it is quite hard. It's not the best cryptographic hash out there, but claiming a kid can break it is exaggerated ;)


>> I need this function in order to generate serial numbers that are made by a unique hardware ID and the period of time for which the program can be used.

Ok, then you don't need encryption. A cryptographic hash sounds suitable indeed. However, just having the hardware id and the validity period in there is probably not enough. You might also want to put in a secret key in there that no-one (except you) knows. Otherwise, anyone can generate a new serial if they figure out the algorithm that was used to generate it.

The other issue with license keys, is where they are checked. If the software itself is gonna check the key, then the software can be reverse engineered to extract the algorithm, so that's not safe at all.

The only way to be somewhat safe, is to check the key on a license server owned by you. The problems with that are that you force your customers to be online when they use your software, and that keys can still be stolen.


In other words, there is no guaranteed way to secure your software with a license key. A simple cryptographic hash of some information unique to the user and/or the hardware and/or the software should be enough to deter most though.

Some good, common cryptographic hashes include MD5 and SHA-1. But many more are out there :)
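
The approach described in the answer above (a hash over the hardware ID and validity period, mixed with a secret key), as an added example that is not part of the original thread. It uses HMAC-SHA256 as the keyed hash, truncated to 64 bits and Base32-encoded to get a 16-character serial; the epoch, field layout, function names and sample values are assumptions of this example.

```python
import base64
import hashlib
import hmac
import struct
from datetime import date, timedelta

EPOCH = date(2020, 1, 1)  # assumption: expiry is stored as days since this date
TAG_LEN = 8               # 64-bit truncated MAC -> 10 raw bytes -> 16 Base32 chars


def _tag(secret: bytes, hardware_id: str, expiry_days: int) -> bytes:
    # Length-prefix the hardware ID so the field boundaries are unambiguous.
    hwid = hardware_id.encode("utf-8")
    msg = struct.pack(">H", len(hwid)) + hwid + struct.pack(">H", expiry_days)
    return hmac.new(secret, msg, hashlib.sha256).digest()[:TAG_LEN]


def make_serial(secret: bytes, hardware_id: str, expiry: date) -> str:
    days = (expiry - EPOCH).days
    if not 0 <= days <= 0xFFFF:
        raise ValueError("expiry outside encodable range")
    raw = struct.pack(">H", days) + _tag(secret, hardware_id, days)
    text = base64.b32encode(raw).decode("ascii")  # exactly 16 chars, no padding
    return "-".join(text[i:i + 4] for i in range(0, 16, 4))


def check_serial(secret: bytes, hardware_id: str, serial: str, today: date):
    """Return the expiry date if the serial is genuine and unexpired, else None."""
    text = serial.replace("-", "").replace(" ", "").upper()
    if len(text) != 16:
        return None
    try:
        raw = base64.b32decode(text)
    except ValueError:  # binascii.Error is a ValueError subclass
        return None
    (days,) = struct.unpack(">H", raw[:2])
    # Constant-time comparison of the truncated MAC.
    if not hmac.compare_digest(raw[2:], _tag(secret, hardware_id, days)):
        return None
    expiry = EPOCH + timedelta(days=days)
    return expiry if today <= expiry else None
```

Verification needs the same secret as issuance, so the point made in the answer about reverse engineering a check that runs inside the software applies to this code unchanged.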
AwesomeMachine

You could try ccrypt.
IncognitoMan

ASKER

Infinity08, I completely agree with you, except for one thing. MD5 is reversible if you only know that it's been used to hash the data. This thing with the secret password is interesting, but if they have the algorithm and one serial key, they can see the secret password.
One thing that came to my mind is to ... somewhat mod the MD5 algorithm, so that it generates a string that is not exactly 255 - ASCII of the char. This will be unique and not just like MD5. So it's going to be at least a little secure this way.
What do you think?
Oooh the MD5 is not working that way. I am talking bullshit here. Sorry.

>> MD5 is reversible if you only know that it's been used to hash the data.

No, it's not. It's somewhat vulnerable to collisions, but you cannot easily reverse it.


>> Oooh the MD5 is not working that way.

Ah, I see you came to that conclusion too ;)

Don't mess with custom hashing or encryption. The algorithms that are in use today have been designed by maths brains, analysed and tested to destruction, and at least their weaknesses are known. (And unless your enemies have quantum computers, I wouldn't worry about the weaknesses just yet.)

Custom hashing and encryption functions are tinker toys which are doomed to fall apart and make cracking far, far easier. And what you suggest with changing MD5 is known as "security through obscurity" and that's doomed to fall over after a bit of probing, just like the fake wall in Dawn Of The Dead. (The original, not the noughties action movie remake.)

OK HackneyCab, then what is not doomed? Give me an idea :).
ASKER CERTIFIED SOLUTION
Infinity08
This solution is only available to members.
Checking the key on my server is good, but on clients with one working place that don't need internet, it's not going to work. I will use the hash function and some other things for security. Thank you for the help Infinity08. :)