
Generating License Keys in 2019 - mherrmann
https://build-system.fman.io/generating-license-keys
======
kstenerud
You don't have to make keys difficult to type. Just generate an RSA blob of
whatever data you want and then pass it through a binary-to-text converter
designed to avoid confusing characters, like
[https://github.com/kstenerud/safe-encoding/blob/master/safe3...](https://github.com/kstenerud/safe-encoding/blob/master/safe32-specification.md)

Then you don't leak information because it's all layered, encoded BEFORE you
generate the human inputtable text, and can contain any information you want.
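
The text layer described in the comment above, as an added example that is not part of the original post. It uses Crockford's Base32 alphabet as a stand-in for safe32 (a swap, so nothing about the safe32 specification is assumed), treats the signed blob as opaque bytes, and `encode_key`, `decode_key` and `SAMPLE_BLOB` are hypothetical names.

```python
# Crockford Base32: no I, L, O or U, so a printed key contains no look-alikes.
ALPHABET = "0123456789ABCDEFGHJKMNPQRSTVWXYZ"
# Look-alikes a user may still type are folded onto the intended symbol.
CONFUSABLE = {"O": "0", "I": "1", "L": "1"}

# Constructed 30-byte stand-in for a signed license blob (payload + signature).
SAMPLE_BLOB = bytes(range(7, 37))


def encode_key(blob: bytes, group: int = 5) -> str:
    """Encode an opaque signed blob as hyphen-grouped, typable text."""
    nbits = len(blob) * 8
    nchars = -(-nbits // 5)                      # ceil(nbits / 5)
    bits = int.from_bytes(blob, "big") << (nchars * 5 - nbits)  # zero-pad right
    text = "".join(
        ALPHABET[(bits >> (5 * i)) & 31] for i in reversed(range(nchars))
    )
    return "-".join(text[i:i + group] for i in range(0, len(text), group))


def decode_key(text: str) -> bytes:
    """Recover the blob from typed text; ValueError on malformed input."""
    cleaned = text.upper().replace("-", "").replace(" ", "")
    bits = 0
    for ch in cleaned:
        value = ALPHABET.find(CONFUSABLE.get(ch, ch))
        if value < 0:
            raise ValueError(f"invalid character in key: {ch!r}")
        bits = (bits << 5) | value
    nbytes = len(cleaned) * 5 // 8
    pad = len(cleaned) * 5 - nbytes * 8
    if bits & ((1 << pad) - 1):                  # padding bits must be zero
        raise ValueError("non-zero padding bits")
    return (bits >> pad).to_bytes(nbytes, "big")


if __name__ == "__main__":
    key = encode_key(SAMPLE_BLOB)
    print(key)
    # The decoded bytes are what the signature check must run over.
    print(decode_key(key.lower()) == SAMPLE_BLOB)
```

The decoded bytes still have to pass signature verification; the text layer only makes the key typable and adds no protection of its own.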

------
IloveHN84
Some issues here:

1\. RSA nowadays is a poor choice, better Elliptic Curve algorithms.

2\. Keeping in code some blocks like "isLicenseValid()" is a faster help for
reverse engineering attacks, because the crackers can simply skip that code
block and you're done.

3\. Security might be improved by obfuscating + applying signature
verification (performed online, not offline on client) + avoiding storing any
relevant status about license verification/key on the system registry or
drive. Do these steps on the fly, always. In conditions of poor networking,
check if you've some evidence of previously working sessions (e.g. saved
files, last used ones from your app, personal settings). If not, throw an
error.

------
meta_AU
Shorter and more secure alternative with elliptic curve zero-knowledge proof -
for example with a 160bit curve you could have a 240bit (30 byte) licence key
comprised of a 160bit field element and an 80bit hash.

