I have some difficulty choosing the right algorithm for the following problem:
We write music software and a lot of people try to pirate music software. To protect us from these people we use an authorization mechanism that works like this:
1. the user gets a serial number for registering the product (buying online or inside the box)
2. the program generates a fingerprint to identify the machine (MAC address, Pentium serial, etc.)
3. upon authorization the program sends the fingerprint and the serial number to the server
4. the server checks if the serial number is valid and signs both with the private key and sends back the signature
5. the software checks the signature with the public key and refuses to run if the signature is not valid
This works pretty well with people who have an internet connection. It works pretty badly for people without. At the moment we require people to key in fingerprint and serial number in a web front-end and download a signature file. This can be a major problem for people who have to use an internet cafe and do not have a floppy disk drive (e.g. Mac users).
The solution would be to let the user key in the signature by hand (if he/she chooses to).
Now the question:
Is there a public-key algorithm that can sign with a signature length of 128 bits (or preferably even shorter) and that would still be secure?
Any help appreciated
with regards
Ruotger Skupin

---
Ruotger Skupin
Developer
[EMAIL PROTECTED]
www.ableton.com
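
The authorization round trip from steps 3 to 5, as an added example that is not part of the original post and is not the poster's code. It assumes Ed25519 from Go's standard library in place of the unnamed signature algorithm; the function names, message layout, demo key and sample serial/fingerprint values are constructed for illustration. It also shows what a user would have to type by hand with this scheme: a 64-byte signature becomes 103 base32 characters.

```go
package main

import (
	"crypto/ed25519"
	"encoding/base32"
	"fmt"
)

// Unpadded base32 (A-Z, 2-7) is the form a user would key in by hand.
var typed = base32.StdEncoding.WithPadding(base32.NoPadding)

// message binds serial and fingerprint with length prefixes, so
// ("AB","C") and ("A","BC") never sign the same bytes. Layout is an assumption.
func message(serial, fingerprint string) []byte {
	return []byte(fmt.Sprintf("%d:%s|%d:%s", len(serial), serial, len(fingerprint), fingerprint))
}

// Authorize is the server side (step 4): sign serial + fingerprint.
func Authorize(priv ed25519.PrivateKey, serial, fingerprint string) string {
	return typed.EncodeToString(ed25519.Sign(priv, message(serial, fingerprint)))
}

// Check is the client side (step 5): decode the typed code and verify it
// with the public key shipped inside the program.
func Check(pub ed25519.PublicKey, serial, fingerprint, code string) bool {
	sig, err := typed.DecodeString(code)
	if err != nil || len(sig) != ed25519.SignatureSize {
		return false // mistyped or truncated code
	}
	return ed25519.Verify(pub, message(serial, fingerprint), sig)
}

// DemoKey derives a repeatable key pair from an all-zero seed (demo only;
// a real server generates its key randomly and keeps it private).
func DemoKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	priv := ed25519.NewKeyFromSeed(make([]byte, ed25519.SeedSize))
	return priv.Public().(ed25519.PublicKey), priv
}

func main() {
	pub, priv := DemoKey()
	serial, fp := "SN-1234-5678", "00:11:22:33:44:55" // constructed sample values
	code := Authorize(priv, serial, fp)
	fmt.Println("characters to type:", len(code))
	fmt.Println("same machine:", Check(pub, serial, fp, code))
	fmt.Println("other machine:", Check(pub, serial, "66:77:88:99:aa:bb", code))
}
```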
