Click here to Skip to main content
15,749,281 members
Please Sign up or sign in to vote.
0.00/5 (No votes)
See more:
hi friends,

I use the following C# code to calculate a MD5 hash from a string. it works well and generate a 32-character hex string like this:
string sSourceData;
byte[] tmpSource;
byte[] tmpHash;
sSourceData = "MySourceData";
//Create a byte array from source data.
tmpSource = ASCIIEncoding.ASCII.GetBytes(sSourceData);
tmpHash = new MD5CryptoServiceProvider().ComputeHash(tmpSource);
// and then convert tmpHash to string...

ok, now i have a question:
Is there anyway to use a code like this to generate a 16-character hex string ( or 12-character string ) ?? 32-character hex string is good but i thinks it'll be boring for costumer to enter the code !

i'll appreciate any help. sorry for my bad english,
thanks in advance.
Updated 12-Jul-12 4:23am
lewax00 12-Jul-12 10:24am    
Any reason you can use something like the first 16 characters of that string?
Mohamad77 12-Jul-12 13:18pm    
it's almost ok, but i think using 16-char hex string could calculate repetitive KEYs.
for example H(x) = [A][B] (A: 16-char, B: 16-char)
and H(y) = [A][C]
although the result of H(x) and H(y) is different, the first 16-char is the same ! and it will hackers to crack the KEY !
am i wrong !!?

thanks for answer.
lewax00 12-Jul-12 15:03pm    
As far as I know, MD5 isn't exactly secure to begin with. But if you really want to help the user out, make a way to just copy and paste it (e.g. send it to them in an email).
Mohamad77 13-Jul-12 0:26am    
thanks lewax.
what do you mean by saying that MD5 isn't exactly secure to begin with!? do you have any other idea ?
would you explain more please?
lewax00 13-Jul-12 0:30am    
It's apparently relatively easy to generate collisions with it (e.g. creating the same hash from different input). Check out the Wikipedia article for more detail:

1 solution

An MD5 hash is always a 128 bit value. It would be possible to use the number to generate a alphanumeric code, but unless you use upper and lower case (and the user is aware that case is significant) you are still looking at a 22 character code for them to enter.

Why would you want your user to enter the hash anyway?
Share this answer
Mohamad77 12-Jul-12 13:11pm    
thanks for your answer.

I want to publish an application for windows,
the user should buy the license to use my application,
so my application request two fields: USERNAME: ... , and KEY: ....
I want to hash the USERNAME and create the KEY, then the user should enter the specific USERNAME and KEY.
my problem here is that the KEY should be 12-characters,
(But in MD5 hash, I get the 32-char KEY).
you mean that i should change the 32-char KEY to 12-char KEY manually !?
please help me, i really need it.
OriginalGriff 12-Jul-12 14:04pm    
I mean you can't change a 128 bit MD5 value into 12 characters at all! 128 bits is 16 eight-bit bytes, most of which are not available from the keyboard. :)

The other problem is that if you just straight hash a username, then the same username will work on any PC that they type the hash into - it's an example of a anti-piracy measure that does nothing for security, but annoys legitimate users.

Dump the MD5 - it's just going to waste your time and annoy people. Have a look on Google for "simple software protection" instead, and you will find a variety of ideas - your problem is not unique! :laugh:
Mohamad77 12-Jul-12 15:00pm    
ok thanks,
but i think if i use the unique hardware id ( e.g. Processor ID ) as the username, in this way each license can just be valid on a specific computer !!
i mean in this way every computer has it's own specific username ( e.g. Processor ID ) !
am i wrong?
so i hash the unique username, and give the KEY to the customer.
32-char KEY annoying customers i think !
isn't there any hash algorithm, or any other way to create 12-char KEY from the unique username !?
thanks again.
OriginalGriff 12-Jul-12 15:29pm    
The Processor ID is already a 16 hex digit number, and it isn't unique! To add insult to injury, some processors don't support it, and what are you going to do with systems with multiple processors in them? :laugh:
Ask your self: do you really need this? Are you going to lose so much money that it is worth a considerable effort of your time to prevent the (probably small) number of thefts? Because if you don't get it right, you will piss off more legitimate customers than you will prevent pirates - who look at software protection as a challenge. There are companies who I will never buy software from again, because of bad experiences with their protection systems as a legitimate user.

If you are going to lose a lot of money, then look at a commercial package - they are cheap compared to the work involved!
If you aren't going to lose a lot, then just drop the idea, and use nothing or a simple internet register-and-use system instead.
Mohamad77 13-Jul-12 0:33am    
Yes, i have thought about some of these scenarios !
and i'll try my best to make it easy for the customer.

yes, losing a lot of money and paying for the damage to the companies is making me to secure my software more and more !

thanks for the help Griff :)
i'll appreciate any other idea to solve my issue !

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900