views:

691

answers:

5

What is a good way to randomly generate some not-likely-to-be-randomly-generated-again activation codes to use for activating software? I am making an auto-fulfillment system for a web application.

I am using C#.

+12  A: 

Guid.NewGuid()

Jab
+1 for this, other than the fact it will be a pain for the users to enter (send them an email so they can copy/paste) it is unique and will most likely not be regenerated.
Tom Anderson
I don't know about this one. If the expansion and contraction of the universe is in fact cyclical instead of one-shot, you will eventually get duplicates.
MusiGenesis
I think Guid.NewGuid() already uses CurrentUniverseSize() so it'll work either way.
Mike Powell
+1  A: 

You should probably just use a Guid

Neil N
+2  A: 

Guid.NewGuid().ToString()

If you don't mind a 36 character length.

Yuriy Faktorovich
+2  A: 

It depends on your goals. A GUID is simple to generate, but it's a pain if the user has to enter it manually. That's fine if activation is happening by (say) clicking on a URL provided in email, or if you can expect the user to copy and paste a value from an activation email.

In other cases (e.g. shrinkwrapped software where the activation code is physically printed on the packaging in some manner), the user will be manually entering the code. In this case, you're better off using a method akin to what Microsoft and Blizzard use: generate a code consisting of five groups of five random alphanumeric characters (omit vowels if you want to eliminate the risk that an activation code will contains something like 4SHIT), and check each code generated against a master list for duplicates. (Though I think the odds of even a 100,000-sequence extracted from {1, 2, ... 34^26 - 1} containing a duplicate are pretty small. It's hard to say for sure, because the only way I know of calculating it overflows a double.)

Robert Rossney
+1  A: 

When using Guid.NewGuid(), any GUID will match. So anybody can generate their own GUIDs and use them with your software. How would you differentiate between the genuine ones and others?

What you need is a cryptographic licensing scheme such as CryptoLicensing where only you can generate codes and your software will validate those codes.

logicnp