java - 如何设计带时间限制的激活码?
我做了个软件,想用激活码方式授权,有些只想授权1个星期,光是授权的话,用MD5做加密的,但是怎么让激活码带着授权时间让程序识别呢?
请教大神们
我做了个软件,想用激活码方式授权,有些只想授权1个星期,光是授权的话,用MD5做加密的,但是怎么让激活码带着授权时间让程序识别呢?
请教大神们
PHP中文网2017-04-18 10:31:43
Don’t even think about installing the client. If you change the computer time, the program will be over. It is recommended to put it on the server side for authentication. When starting, use HTTP to verify whether it has expired on the server side
PHP中文网2017-04-18 10:31:43
It’s very simple,
1. First, use the server to verify the validity of the authorization code;
2. MD5 rules can be generated by adding time. For example, if the authorization is valid for one month, then your MD5 can use MD5(authCode+dateformart( new Date(),"yyyymm")), in this way, the MD5 generated by your authorization code will be the same within a month, that is, the authorization code is valid. Note that it must be verified by the server, and the time must be the server's time;
3 , MD5 rules can be added with a few more layers to prevent them from being cracked by credential stuffing. You can add MD5 (SHA512(salt+authCode+dateformart(new Date(), "yyyymm"))), so that it is basically impossible to crack. Salt can be used. Each authCode generates a random variable and saves it on the server.
PHP中文网2017-04-18 10:31:43
There are many methods for this, but there is no guarantee that it will not be cracked.
Simply speaking, you can add time information to the verification code.
For example, if the validity period you need is 7 days, then you can use the date of the day you generate the verification code as a factor for generating the verification code.
When your program is doing verification, get the current date and push it forward six days, for a total of 7 days, and generate 7 verification codes in the same way for verification. If one of them is correct, it means it has not expired.
大家讲道理2017-04-18 10:31:43
Don’t you also use one number to calculate your MD5? Wouldn't it be enough to just add the time information?
高洛峰2017-04-18 10:31:43
If you don’t want to be cracked, you can only put it on the server. I can provide you with free back-end services, haha
PHP中文网2017-04-18 10:31:43
The easiest way is to store your md5 encrypted activation code + date in the database. Just judge the time during verification. Of course, the activation code cannot be repeated. You can set a primary key or a unique index
怪我咯2017-04-18 10:31:43
If you use md5 encryption, you cannot put the date in the encrypted string. Use another encrypted string or plain text for the date. If you don’t want to be cracked, use server authentication
黄舟2017-04-18 10:31:43
You can design the data structure like this: {'a':'Verification code','b':'Expiration time (length of time from 1970)'}, and then encrypt the string.
黄舟2017-04-18 10:31:43
It is more convenient to do it on the server side. There are three fields on the server side, expiration time and whether it has been used. The client only needs to know the key
