Re: Creating unique, non-reproducible serial ID

From: David Chien <chiendh_at_uci.edu>
Date: Thu, 08 Mar 2001 11:51:21 -0800
Message-ID: <3AA7E2B9.19627FD8_at_uci.edu>


> >I'm looking for an algorithm to create a serial ID that I can give to users,
> >encrypted in a way that they will not be able to recreate other serial IDs.
>
> You can make it hard, but never impossible, cuz they can always guess
> and guess and guess and just get lucky.

  That's for sure. But it depends on what application the ID is to be used for.

   If, let's say, you're trying to allow only validated users to get access to a part of your program or the whole thing, then it's very difficult without encrypting your program - just about all serial ID protection schemes out there are easily bypassed (i.e. simply noop around the verification code).

   In fact, just about anything that doesn't use encryption or server-hosted code (i.e. parts of the code can only be accessed online on your servers and can't be downloaded), has been bypassed, easily (we're talking a few minutes here). Children can easily bypass most protection schemes with the common online tools available.

   Encryption will work, but then requires more work on your end - you'll have to wrap the parts of the program/data you are protecting with the unique ID (or add the user ID to the allowed decryption keys). However, this tends to be very, very difficult to bypass even with brute-force, distributed cracking - ala Adobe Font discs - and works extremely well. However, once the program/data has been decrypted, it can be reverse engineered and extracted - however, most people tend to be too lazy to do this even if they know how. PGP comes to mind as one method.

   --

If the problem is to generate a unique serial ID only, then simply make it a very long, random-looking string. The longer the better, and guessing the correct, let's say, 100 value ID is far harder even by brute force than a 10 value ID string.
Even a few basic operations starting out with a random number and a few operations on a long ID string can produce difficult to guess IDs.

  Even converting a person's unique name into numbers with a lookup table will suffice here.

The basic book "Codes, Ciphers and Other Cryptic and Clandestine Communication: 400 Ways to Send Secret Messages from Hieroglyphs to the Internet" by Wrixon is a decently easy to understand book covering the numerous ways that have been attempted to hide information, and there are ideas there as to what works and doesn't.

One idea is to use an elliptic curve algorithm to generate such serial IDs. They can be very difficult to reverse engineer (i.e. if you don't know the generating function, it's hard to guess the valid IDs). http://www.cryptix.org/resources.html#ECC

  --

  You don't want to use the credit card number idea because that's already been reverse engineered.

  -- Received on Thu Mar 08 2001 - 20:51:21 CET
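
Added example, not part of the original message: one way to issue serial IDs that are long, random-looking and infeasible to guess, using a CSPRNG identifier plus a truncated HMAC-SHA256 tag in place of the elliptic-curve approach the post suggests. It assumes verification runs server-side, where the secret key lives; the function names and field sizes are illustrative choices.

```python
import base64
import hashlib
import hmac
import secrets

ID_BYTES = 10   # random per-serial identifier (80 bits), assumed size
TAG_BYTES = 10  # truncated HMAC tag (80 bits): one blind guess succeeds with p = 2**-80


def _tag(key: bytes, ident: bytes) -> bytes:
    """Keyed tag over the identifier; cannot be computed without the key."""
    return hmac.new(key, ident, hashlib.sha256).digest()[:TAG_BYTES]


def issue_serial(key: bytes) -> str:
    """Return a fresh serial: base32(random id || tag), in groups of eight."""
    ident = secrets.token_bytes(ID_BYTES)  # CSPRNG, not random.random()
    raw = base64.b32encode(ident + _tag(key, ident)).decode("ascii")
    return "-".join(raw[i:i + 8] for i in range(0, len(raw), 8))


def verify_serial(key: bytes, serial: str) -> bool:
    """True only if the serial carries a tag produced with this key."""
    compact = serial.replace("-", "").strip().upper()
    try:
        blob = base64.b32decode(compact)
    except ValueError:  # bad alphabet, bad padding, non-ASCII input
        return False
    if len(blob) != ID_BYTES + TAG_BYTES:
        return False
    ident, tag = blob[:ID_BYTES], blob[ID_BYTES:]
    # Constant-time comparison so response timing does not leak tag bytes.
    return hmac.compare_digest(tag, _tag(key, ident))


if __name__ == "__main__":
    demo_key = secrets.token_bytes(32)  # constructed key for the demo only
    serial = issue_serial(demo_key)
    print(serial, verify_serial(demo_key, serial))
```

If the key ships inside the client program it can be extracted, and the check itself can still be patched out as the message describes; a public-key signature removes the first problem but not the second.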
