On Jan 1, 2010, at 3:51 PM, Benjamin Rister wrote:

> On Jan 1, 2010, at 2:11 PM, Uli Kusterer wrote:
> 
>> On 29.12.2009, at 21:24, Benjamin Rister wrote:
>>> It’s not a serial number collision that causes the inconvenience for your 
>>> real customers.
>>> 
>>> Once there’s a keygen, you have no way of distinguishing a legit serial 
>>> from a non-legit serial using your algorithm, period. The only remedy is to 
>>> change to another algorithm, retroactively invalidating all of your paying 
>>> customers’ serials in the process. You can’t just start issuing new serials 
>>> without impacting existing customers, because again, you have no way of 
>>> distinguishing in the field whether this is a paid customer or not.
>> 
>> Well, usually people keep a record of issued serial numbers. Depending on 
>> your scheme this can be keeping the name and e-mail used to register, so you 
>> can generate the key again, or the range of "seed" numbers the newest batch 
>> of keys was generated from, or whatever.
>> 
>> If your records show you never issued a key, you know it's not legitimate.
> 
> The key phrase was “in the field”; it’s not that the knowledge doesn’t exist, 
> it’s just not usable. If your software has to check back with your licensing 
> servers in order to validate a serial, you’re now talking about an activation 
> scheme, in which symmetric vs. asymmetric etc. becomes academic.
> 
> Under a standard serial scheme, following a keygen you have no choice but to 
> change algorithms and invalidate all existing licenses, full stop. Who you 
> choose to issue new licenses to is a separate matter, and I can’t think of 
> any possible way to do this without inconveniencing and annoying your 
> legitimate users.

The strategy I've heard used is when you create a license key system, include a 
bunch of distinguishing characteristics of the unlock codes. For example, 3rd 
character is always less than the 12th character, that kind of thing. If you 
have a dozen characteristics for a valid code, in your software only check for 
half (6 validation checks). If someone creates a keygen that creates codes that 
get accepted by your software, on your next release, add in another validation 
check. It will cause the keygen system to cease to work and it keeps your legit 
users with functional unlock codes.

Kee Nethery
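
The scheme described in the message above, as an added example that is not part of the original post: codes are issued to satisfy twelve characteristics, release 1 checks six of them, and release 2 checks a seventh. The alphabet, key length and rule list are assumptions constructed for illustration; only the "3rd character less than the 12th" rule comes from the message.

```python
import random

# Constructed alphabet, kept in ASCII order so plain "<" compares symbols.
ALPHABET = "23456789ABCDEFGHJKLMNPQRSTUVWXYZ"
KEY_LEN = 24
# Twelve constructed characteristics: code[i] must sort before code[j].
# (2, 11) is the post's "3rd character is always less than the 12th".
RULES = [(2, 11), (0, 5), (1, 7), (3, 9), (4, 12), (6, 14),
         (8, 15), (10, 13), (16, 20), (17, 22), (18, 21), (19, 23)]

RELEASE_1 = RULES[:6]  # first release enforces half of the characteristics
RELEASE_2 = RULES[:7]  # next release enforces one more


def make_code(rng, rules):
    """Random code satisfying `rules`; positions outside them are unconstrained."""
    chars = [rng.choice(ALPHABET) for _ in range(KEY_LEN)]
    for i, j in rules:
        chars[i], chars[j] = sorted(rng.sample(ALPHABET, 2))
    return "".join(chars)


def accepts(code, checked):
    """Validator as shipped in one release: enforces only the `checked` rules."""
    return (len(code) == KEY_LEN
            and all(c in ALPHABET for c in code)
            and all(code[i] < code[j] for i, j in checked))


def acceptance_rate(codes, checked):
    return sum(accepts(c, checked) for c in codes) / len(codes)


def demo(seed=1, n=500):
    rng = random.Random(seed)
    # Vendor side: every issued code satisfies all twelve characteristics.
    issued = [make_code(rng, RULES) for _ in range(n)]
    # Codes that satisfy only what release 1 enforces (constructed sample).
    derived = [make_code(rng, RELEASE_1) for _ in range(n)]
    return {
        "issued_r1": acceptance_rate(issued, RELEASE_1),
        "issued_r2": acceptance_rate(issued, RELEASE_2),
        "derived_r1": acceptance_rate(derived, RELEASE_1),
        "derived_r2": acceptance_rate(derived, RELEASE_2),
    }


if __name__ == "__main__":
    for name, rate in demo().items():
        print(f"{name}: {rate:.2f}")
```

In this constructed scheme every issued code keeps validating across both releases, while one added pairwise check rejects roughly half of the codes built only from the release 1 checks.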



