AW: security code number generation
Peter Brigham MD
pmbrig at gmail.com
Mon Jul 18 09:46:32 EDT 2011
You could include (without telling the user) the contents of $user as part of what is inputted to generate the code. This would make it more secure but cause problems with portability, etc. I agree with the later posts pointing out the trade-offs between security and user-frendliness. Consider your decisions in that light.
-- Peter
Peter M. Brigham
pmbrig at gmail.com
http://home.comcast.net/~pmbrig
On Jul 18, 2011, at 3:43 AM, Tiemo Hollmann TB wrote:
> First: Congratulations to Shao to the winner of the FIFA womens soccer world
> championship: Japan!
>
> As I understand Zygodact, or Peters or Shaos approach the user can pass on
> his "name, etc." and the generated code to everyone else to unlock the
> software.
> How do you handle this issue? Is it just something "as is", is this scenario
> so negligible in your customer base that you just can ignore it, or do you
> count on the good in the people that they won't do it?
> Would be of interest on how you handle this.
> Tiemo
>
>
>
>> -----Ursprüngliche Nachricht-----
>> Von: use-livecode-bounces at lists.runrev.com [mailto:use-livecode-
>> bounces at lists.runrev.com] Im Auftrag von Pete
>> Gesendet: Montag, 18. Juli 2011 09:15
>> An: How to use LiveCode
>> Betreff: Re: security code number generation
>>
>> Thanks Ken, that looks good. I guess the other missing piece is how to
>> control "demo" versions. Expiration dates seem to be the most common, or
>> maybe some limited function set.
>> Pete
>> Molly's Revenge <http://www.mollysrevenge.com>
>>
>>
>>
>>
>> On Sun, Jul 17, 2011 at 10:48 PM, Ken Ray <kray at sonsothunder.com> wrote:
>>
>>>> I'm looking for something to generate license codes for some software
> I'm
>>>> planning to sell. Do you think this would work for that purpose?
>>>
>>> Take a look at Zygodact; it does exactly this plus it has a DropTool
>>> component to make it a snap to work with.
>>>
>>> http://www.runrev.com/store/product/zygodact-1-0-4/
>>>
>>>
>>> Ken Ray
>>> Sons of Thunder Software, Inc.
>>> Email: kray at sonsothunder.com
>>> Web Site: http://www.sonsothunder.com/
>>>
>>>
>>>> Pete
>>>> Molly's Revenge <http://www.mollysrevenge.com>
>>>>
>>>>
>>>>
>>>>
>>>> On Sat, Apr 2, 2011 at 9:51 AM, Peter Brigham MD <pmbrig at gmail.com>
>>> wrote:
>>>>
>>>>> For anyone who might have the need, I have a handler I use to
> generate a
>>>>> security code, in my case for printed prescriptions. It takes the
> name
>>> of
>>>>> the patient, the date of the prescription, the medication and med
>>> strength
>>>>> and hashes all that to produce a ten-digit alphanumeric string (using
>>> 0-9,
>>>>> a-z, A-Z). If there is any question about the validity of the
>>> prescription I
>>>>> can retrieve the correct code from the rx entry in my database with a
>>>>> mouseclick (actually recalculating the code from the stored rx data)
> and
>>>>> confirm it with the pharmacy. This has proved useful on two occasions
>>> when a
>>>>> pt was playing fast and loose with his prescriptions.
>>>>>
>>>>> The algorithm is fast in LC, sufficiently obscure that I'm pretty
> sure
>>> it
>>>>> would be hard to hack -- though of course few things are bulletproof
> in
>>>>> encryption if someone wants to try hard enough -- and discontinuous
> in
>>> the
>>>>> sense that similar inputs do not generate similar outputs, eg, change
>>> one
>>>>> character in the input and the code number is completely different.
> The
>>>>> probability of coming up with the correct security number by chance
>>> alone is
>>>>> 1 in 10^15 (a million billion to 1). It could be adapted to any
> number
>>> of
>>>>> purposes. I am not posting the handler here, since it would be unwise
> to
>>> let
>>>>> it be archived and available, eg, with a Nabble search, but if anyone
> is
>>>>> interested, let me know and I'll share it.
>>>>>
>>>>> -- Peter
>>>>>
>>>>> Peter M. Brigham
>>>>> pmbrig at gmail.com
>>>>> http://home.comcast.net/~**pmbrig <http://home.comcast.net/~pmbrig>
>>>>>
>>>>>
>>>>> ______________________________**_________________
>>>>> use-livecode mailing list
>>>>> use-livecode at lists.runrev.com
>>>>> Please visit this url to subscribe, unsubscribe and manage your
>>>>> subscription preferences:
>>>>> http://lists.runrev.com/**mailman/listinfo/use-livecode<
>>> http://lists.runrev.com/mailman/listinfo/use-livecode>
>>>>>
>>>>>
>>>> _______________________________________________
>>>> use-livecode mailing list
>>>> use-livecode at lists.runrev.com
>>>> Please visit this url to subscribe, unsubscribe and manage your
>>> subscription preferences:
>>>> http://lists.runrev.com/mailman/listinfo/use-livecode
>>>
>>>
>>>
>>> _______________________________________________
>>> use-livecode mailing list
>>> use-livecode at lists.runrev.com
>>> Please visit this url to subscribe, unsubscribe and manage your
>>> subscription preferences:
>>> http://lists.runrev.com/mailman/listinfo/use-livecode
>>>
>>>
>> _______________________________________________
>> use-livecode mailing list
>> use-livecode at lists.runrev.com
>> Please visit this url to subscribe, unsubscribe and manage your
> subscription
>> preferences:
>> http://lists.runrev.com/mailman/listinfo/use-livecode
>
>
> _______________________________________________
> use-livecode mailing list
> use-livecode at lists.runrev.com
> Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
> http://lists.runrev.com/mailman/listinfo/use-livecode
More information about the use-livecode
mailing list