The Artima Developer Community
Articles | News | Weblogs | Books | Forums
Artima Forums | Articles | Weblogs | Java Answers | News
Sponsored Link

Agile Buzz Forum
Serial Number Generation

0 replies on 1 page.

Welcome Guest
  Sign In

Go back to the topic listing  Back to Topic List Click to reply to this topic  Reply to this Topic Click to search messages in this forum  Search Forum Click for a threaded view of the topic  Threaded View   
Previous Topic   Next Topic
Flat View: This topic has 0 replies on 1 page
James Robertson

Posts: 29924
Nickname: jarober61
Registered: Jun, 2003

David Buck, Smalltalker at large
Serial Number Generation Posted: Jun 27, 2005 7:57 PM
Reply to this message Reply

This post originated from an RSS feed registered with Agile Buzz by James Robertson.
Original Post: Serial Number Generation
Feed Title: Cincom Smalltalk Blog - Smalltalk with Rants
Feed URL: http://www.cincomsmalltalk.com/rssBlog/rssBlogView.xml
Feed Description: James Robertson comments on Cincom Smalltalk, the Smalltalk development community, and IT trends and issues in general. 		Latest Agile Buzz Posts
Latest Agile Buzz Posts by James Robertson
Latest Posts From Cincom Smalltalk Blog - Smalltalk with Rants

Advertisement

2:45 - Dan Antion of American Nuclear Insurance. Here he is:

Dan Antion

He's pointing out that he discovered this rather than inventing it - he's sharing his experience and demonstrating their results.

They had a limited need for application protection, a greater need for tracking - which versions are running, and where they are. They needed a distributed, Smalltalk solution. The lessons they learned - Choose your enemy:

  • Casual Sharing - you might be able to stop this
  • Hacking of shareware or time bombs - harder to stop
  • Cracking and distributing keys - you won't stop this without a large effort/resources

They use a number of tactics:

  • Difficult to guess elements
  • Transaction Information
  • Version Information

The response depends on the threat level and risk of loss. They use a set of numbers (including base 26 primes, version tags, etc) to create the designator.

  • First - base 36 large prime, selected from a table based on the serial number. They restrict the choices based on an algorithm. This results in a 5 character number.
  • Next is the product code, can include some significance (where it was released, etc). # characters
  • Next is a 4 character Nth prime generated on the fly (based on the serial number) - this could be anything
  • Next is a one character number or code
  • Next is a 5 character alpha-numeric from the username and serial number. It could fit any kind of mask pattern
  • Finally, a 3 character minor version number - probably useful for the "About" box"
  • Last step - they obfuscate it some to mix it up. They rearrange it (could be a shift, hash, etc).

They made this modular so that it could be modified over time, to allow for different sorts of keys for different releases, etc. Their primary purpose is tracking. Once nice thing is that automated support requests can include the key, so that support can tell where it came from (supported rev, demo, etc, etc). One simple technique to frustrate brute force attacks on a validation server (not that they do this) - insert a delay in the validation to hinder brute force attacks.

Very important - don't annoy real customers. Respond appropriately, but make sure you find out what's happening. Actually contact the user.

Read: Serial Number Generation

Topic: ICFP Contest - interested? Previous Topic   Next Topic Topic: A few good Smalltalkers
Sponsored Links


Google
  Web Artima.com   

Copyright © 1996-2019 Artima, Inc. All Rights Reserved. - Privacy Policy - Terms of Use