The Design of Software (CLOSED)

A public forum for discussing the design of software, from the user interface to the code architecture. Now closed.

The "Design of Software" discussion group has been merged with the main Joel on Software discussion group.

The archives will remain online indefinitely.

Advice On Developing a Software Registration Mechanism

I developing an application in C#.Net that I want to distribute with a 60 day free trial. After the 60 days the user would have to buy a licence or program disables itself.

Does anyone have any experience with developing this sort of system? What are the pitfalls? Any tips for making this process secure and robust?
Martin Brown Send private email
Wednesday, July 06, 2005
Yes. Buy a prebuilt system. There are several flexible ones, which have had far more time and money invested in them than you can put in for the purchase cost...

This is one place where it's almost totally pointless to roll your own...
Andrew Cherry Send private email
Wednesday, July 06, 2005
"Yes. Buy a prebuilt system."

Is there one you would recommend?
Martin Brown Send private email
Wednesday, July 06, 2005
Check out


The first one will show you how you can create a custom license file using private/public encryption.  The second one will give you tips on making it harder to crack your software.
Wednesday, July 06, 2005
I say partially roll your own..

Those prebuilt jobs are probably easy to use, but they are a nice target.  If it gets cracked for another software app, then it will surely be cracked for your app as well.  Especially if you use the prebuilt code in an obvious way, so a cracker will know your using "Armidillo" or whatever you use.

Besides, it is a lot of fun to code you own.  Just use some of the available crypto code you can find on the net.

I used some public domain RSA code I found on the web.  Really cool working with the exponents, P,Q,etc.. I really learned a lot about encryption and digital signatures.  I just simply sign some user data and then MIMEe it into a crypto "key".  Its tough to crack if you use GOOD random numbers.

Wednesday, July 06, 2005
I should note that I used a non-microsoft API, and my API was cross platform.

Using the microsoft API is a good choice, just be sure the random numbers are truly random.  This is how a version ASP protect was cracked.  The random number was not truly random and they we able to narrow the possible keys down to a small number and brute force the thing.  Fascinating read, even if it was written by a cracker. (google it)..

I used random numbers from hotbits and/or

Wednesday, July 06, 2005
While this does not deal with C#, nor specifically with time trials, you could nerveless find it interesting.
Thursday, July 07, 2005
"Besides, it is a lot of fun to code you own.  Just use some of the available crypto code you can find on the net."

Be sure to tell your boss you're doing this, and that it will only take a few more weeks of dev time! And that, oh, the test guys better hammer on it...better make sure they know how to test crypto stuff...and hmm, better figure out how we're going to support this fun project release after release...

But it sure is fun! God forbid a business-critical project like software registration not be FUN!
Tuesday, July 12, 2005

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics
Powered by FogBugz