I'm working with a developer who has placed his faith in a license scheme that makes little sense to me. He wants to tie a desktop application to a hardware component value, one of which is easily changed, the MAC address of the ethernet controller.
Now, I know no one likes licenses, he does want to protect his hard work and I can understand that. What can I tell him to help him out? In the very least I'd like to give him a path other than tying a license to a hardware component.
If he wants to be sure that only the licensed computer can use the software, a hardware key is one of the only options to be sure that the hardware(computer) is the same as the one the license was purchased for.
It can be easily cracked(so can anything), but it's not so easy to use two computers with the same mac address on the same network segment.
I don't see how a UUID will make a license more secure, or help to accomplish the goal of restricting one license per computer.
With licenses it depends on what the goal of the license is, having a unique license per computer may be a valid decision(although I personally don't like it), but it has to be remembered that licenses will only keep honest people honest in the end, and if someone decides to, they will crack your license scheme.
I am sure this will not convince anyone who doesn't already share my view, but I don't see any value in licensing schemes that are more complicated than a short serial number, perhaps "phoning home" so you can detect if it is being abused and disable it. If the software is moderately popular, it will be cracked, whether you invest $5 or $5 million into the licensing scheme. Put those millions toward building a product that honest people (the majority) are willing to pay for and upgrade. If more protection is needed, hopefully the application can be converted to a web service.
In one of the podcasts, Joel said something like this (I'm paraphrasing):
Just make your licensing scheme hard enough to crack so that it's a little easier to pick up the check from accounting and just order another license. That keeps those people honest that are worth thinking about. The rest of them are not going to give a penny to you anyway.
Good point, I guess.
It all depends on how many users he expects and the price of his application, but in any case a mac address can be easily changed and will certainly only annoy valid users. In my opinion a standard serial will just do fine. If something shows up in P2P networks, just talk to the user to whom you issued the serial and ban it in the next release. To make a long story short, in the eye of a fraudulent user the only difference will be, if he downloads "CoolApp.v1.11.Incl.Keymaker-GroupName" or "CoolApp.v1.11.Incl.Keygen.and.Patch-GroupName".