How software publishers can squash piracy
It never ceases to amaze me that no sooner do I rip the cello wrap from my latest box of brand-new software, for which I've shelled out hundreds if not thousands of dollars, than I realize that there is already a cracked version, complete with keygen, that I could have illegally downloaded in a matter of minutes and at no charge at all (unless you consider criminal charges).
The basic flaw with the vast majority of software authentications is that they call for the entry of a "secret" long code in order to activate the program. This long code is usually the result of a complex calculation which takes the serial number and subjects it to all sorts of hexanumerical scrambling. Hackers can crack these calculations in nanoseconds, and then incorporate them into keygens which will fool your application into thinking that it has been duly validated and is an official copy.
Even Adobe, which supposedly has an impenetrable online validation system, features an easy workaround. Just choose to validate not on the internet but by telephone. You will now be presented with a screen that any keygen will make short work of. So much for rock-solid validation!
There are other, more secure options, but they are almost universally so burdensome to the user that they represent an insufferable imposition. Anyone who has had to validate their copy of Windows by calling Microsoft's toll-free number, reading out endless codes to the bored-sounding operator and then typing an even more endless code of junk into the Windows Activation boxes will testify that, although steps should be taken to ensure that only full paying customers have access to software, this level of gobbledygook is patently ridiculous.
The answer is to make a very minor change to how the hexanumerical scrambling is done. All that needs to be implemented is that the serial-number-to-validation-code calculation be done on secure servers belonging to the software publisher. Each serial number would have an entry in a lookup database holding a single random set of characters. The calculation is then completed by factoring in this random sequence and generating an authorization code which is not only unique to that serial number, but uncrackable by any keygen. This system would also avoid registering many different users with the same serial number, as each calculation would only be allowed once.
Therefore, when the new legitimate software owner wants to activate his software, all he has to do is to hit a button which allows the software to connect to the publisher's servers, communicate its serial number, have the server calculate the proper authorization code and unlock the software. This could be done in a couple of seconds without any need for users to key in A7HP1 D731B XU30V AL02B1 93NS9 ZS82M B290DK... until his fingers fall off.
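The server-side flow described above, as an added sketch that is not code from the original article or from any publisher: the class and method names, the in-memory dictionaries standing in for the lookup database, and the use of HMAC-SHA256 as the "calculation" are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


class ActivationServer:
    """Publisher-side activation: one random secret per serial, one activation each."""

    def __init__(self):
        self._secrets = {}       # serial -> random bytes (stands in for the lookup database)
        self._activated = set()  # serials whose calculation has already been performed

    def issue_serial(self, serial: str) -> None:
        # Run when a copy is sold; the random value is stored only on the server.
        self._secrets[serial] = secrets.token_bytes(32)

    def activate(self, serial: str) -> str:
        secret = self._secrets.get(serial)
        if secret is None:
            raise PermissionError("unknown serial number")
        if serial in self._activated:
            raise PermissionError("serial number already activated")
        self._activated.add(serial)
        # Assumption: HMAC-SHA256 keyed with the per-serial random value plays
        # the role of the scrambling calculation the article refers to.
        return hmac.new(secret, serial.encode(), hashlib.sha256).hexdigest()


if __name__ == "__main__":
    server = ActivationServer()
    server.issue_serial("SN-0001")            # constructed sample serial
    print("authorization code:", server.activate("SN-0001"))
    try:
        server.activate("SN-0001")            # second attempt with the same serial
    except PermissionError as err:
        print("rejected:", err)
```

Because the random value is drawn per serial and never shipped with the software, the authorization code is not a function of the serial number alone, which is the property the article relies on.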
Software publishers may not have wanted to embrace this concept because they want purchasers who are not connected to the internet to be able to validate their registrations. But in this day and age, how many purchasers of expensive software applications are there who don't have, at the very least, dial-up access to the web? This solution can ensure that only customers who have legitimately paid for their software can activate it, and put the Trojan-horse-riddled keygens and their hacker creators out of business.