security code number generation

[Kee Nethery]

Most unlock algorithms have a method of confirming that the unlock code is correct. One or more verification steps. That verification code lives in the application that users (and crackers) have access to. If someone really wanted to create a code generator for your software they'll be able to by looking at the verification code in the application. How do you tell the difference between a good and bogus unlock code when someone releases am unlock code generator for your software?

One method of handling this is to create the unlock code with say a dozen verification parameters. For example, a verification check might be that the 4th char is always mod 3 of the 8th char. In your application, include checks for only 6 of the parameters. If someone releases a code generator, it will create codes that pass the 6 validation steps but it is highly unlikely that they will pass the 6 that you did not check for in your application. The next version of the application can add 2 of the additional parameters to the verification step and you will still be able to tell the difference between good and bogus codes.

But, in general, I agree with the previous comment. Time spent building code to prevent people from using your software is typically better spent building code that makes people want to use your software. For most software, people who pirate it were never going to pay for it and probably are not actually using it. Focus on building market share. 

Kee Nethery