Random String Generation

ve

Does anyone know how software vendors generate and validate unique serial numbers or strings, typically used for license validation (algorithms). E.g. BTWD2-JDKSDF-SDFKLKSDF-234SDF. Now that's a bit long for what I would need because I'm not selling software, but can't be too long because that would seriously impact the performance of the algorithm I'm trying to use in my research. The above is more like what Microsoft and many other large corporations would use. I'd be talking more along the lines of just "ABD4K23K12" (to keep processing down). When Microsoft software etc asks you to enter a license number, how can they check to see if it's valid?. I doubt for example if I ran a brute force serial number generator it would be easy for me to generate a valid code. There has to be some other force at work that pushes the serial number entered through some process to A) see if it is a valid formed code (not just alpha numeric) see if it correct!.

The Maths Bit...
If my maths is correct (and it rarely is): the number of possible characters between the letters of the alphabet & numeric digits is 36. Then if I was to randomly generate a string 10 charcters long using those 36 unique characters, the number of 10 digit combinations I could produce would be: 36^10, which is 3656158440062976 (...a lot!). Even if I generated a few billion unique random codes from that, there is still a lot left over. What about brute forcing?, or am I absolutely mad, and way off on how this should be done.

Basically I'm trying to find out if there is a way that I can create alpha numeric strings where by a cracker couldn't come along with a brute force approach and just start with "AAAAAAAAAA", "AAAAAAAAAB", ... all the way up to ..., "9999999998", "9999999999", and easily stumble across valid codes along the way.

Before people start sending me to software licence protection companies, that's not what I need in this case. Basically I'm working as part of a research group on a research problem and what I'm working on would really benefit from the ability to generate unique random codes as part of a dataset, not that long (at most 10 characters in length) that cannot be easily guessed using brute force techniques. I suppose the fact that they are not that long is a problem in this regard because the likes of GUID's would have been perfect, but the fact that GUIDs are so long would absolutely kill the other part of the system which many other people in my research group have put in a lot of time and effort already.

Is this possible? perhaps there is a cryptographical approach that could be the solution, but my background is not in cryptography.

boars.ie

Only once I had to rev-engineer an app and track the process of key validation.
In this case it was abcd-efgh-ijkl-mnop where mnop part was in fact a form of checksum
of the former parts. In other words, the key was "self contained", simple as that.
As for Microsoft, registration of Windows makes me think, that they just maintain
a database of pre-generated valid keys and check incoming registrations against it.

ve

Typical, my mate has just found a way to take care of the larger problem, making this process redundant. We no longer need to produce the same sort of dataset, and therefore no unique codes.

I will however keep your checksum idea in mind if I do come against a similar problem again. Cheers boars.ie

Mods feel free to close this thread.

amen

a check sum is your soultion.
it is used every where , Credit card numbers, check no, Car VIn no, driving licence number in a lot of countries etc

Old and reliable technology (even before computers)

you could read the mac address of the network card and use that or
if you are runing in MS environment look up CreateGUID (might be CoCreateGUID)
this is guaranteed to generate a unique numver