Key Generation 1

[kurie]

Hello everyone
How best can i generate a key for a client using a combination of variables, say company name, telephone number.
I have tried encyption but one think i dont like is that some undesirable characters(eg #, !) also appear on the key.
Can someone please help.

 

[abcfantasy]

You may want to use a hashing function to generate a number based on some data input, in which case you could use System.Security.Cryptography.HashAlgorithm class.

The following link gives a good example of its usage:

http://www.obviex.com/samples/Code.aspx?Source=HashCS&Title=Hashing Data&Lang=C#

Try to give it a look and ask if you do not understand something. The result only consists of numbers, no symbols (or letters).

I hope that helps.



|| ABC

 

[kurie]

Thanks,
It helped me a lot, But how strong is this from hackers.

 

[Guru7777]

What makes a hash potentially problematic (to hackers or whomever) is their ability to reproduce it in some other way than brute force (besides knowing your original factors).

If you use a SHA256 hash, there have been no known collisions on that hash (SHA1 was listed as broken in 2005).

But, in reality what would make your hash insecure is if people knew your hashing algorithm (You would be hoping for security through obscurity) or if people knew your criteria for the hash.

Therefore, how secure this is depends on whether a hacker could have the information used to make the hash (since hashes are re-creatable.. that's the point).

----------------------------------------

TWljcm8kb2Z0J3MgIzEgRmFuIQ==

 

[kurie]

Thank you guru.

 

[stevexff]

Why do you need to generate a key from anything? In my experience a dumb key (i.e. one not based on any user data) is the best one to use, especially for database keys. Use a GUID for a (primary) key, then just index the other fields/columns appropriately so you can find your data later.

Then you don't have to worry about security or collisions.

Just my $0.02 worth...

Steve

[small]"Every program can be reduced by one instruction, and every program has at least one bug. Therefore, any program can be reduced to one instruction which doesn't work." (Object:erlDesignPatterns)[/small]

 

[kurie]

Hie Steve
Im not sure if my question was clear but what i meant by key was something like 34fg-fjsg-e34g, like the micosoft insatllation keys.
Im just worried abt the security of my algorithms so i thought maybe its better to use proven ones.
On the combination of data im no longer using a fixed combination but a dynamic key which changes everytime.
Thank you very much

 

[Guru7777]

@stevexff

Kurie wants to make an installation key for a product. Unless there is a key server, a guid can't be verified as a proper product key. Anyone who can go

SELECT newid()

or

Console.WriteLine(System.Guid.NewGuid().ToString());

could make a "valid" key on the system. I think that Kurie was trying to make the key something that could be verified and tied to a machine and have some way of checking validity.

----------------------------------------

TWljcm8kb2Z0J3MgIzEgRmFuIQ==

 

[kurie]

thats exactly what i want Guru, Thank you,
i have got something thats working now, it looks fine but still not very confident with the security though.

Thank you very much guys for your help

 

[chiph]

The hash is really strong.

What is not strong is the code in your app to read & decode it. People trying to bypass your security will decompile your app, and then patch it to bypass your check.

My advice is to either:
1. Just not worry about it.
2. Release a new version every so often, where that code has been changed.

Chip H.


____________________________________________________________________
www.chipholland.com

 

[kurie]

Thanks Chip,
i really like the first recommendation