View Issue Details

ID: 0003296
Project: JEDI VCL
Category: 00 JVCL Components
View Status: public
Last Update: 2006-04-04 07:00
Reporter: beckmi
Assigned To: obones
Priority: normal
Severity: minor
Reproducibility: always
Status: resolved
Resolution: won't fix
Platform: Windows
OS: Win 2000 SP3
OS Version: Delphi 6.02
Product Version:
Target Version:
Fixed in Version:
Summary: 0003296: Security problem with JvSerialMaker

Description:

On behalf of Max:

--------------------
Hi,

I changed 4 lines in the .pas file of JvSerialMaker.
Problem: If you enter Test1 and Test2 for the username, the key is the same. For my software, this is a big problem. So I corrected this.
The change is:

function TJvSerialMaker.GiveSerial(ABase: Integer; AUserName: string): string;
var
  A: Integer;
begin
  if (ABase <> 0) and (AUserName <> '') then
  begin
    A := ABase * Length(AUserName) + Ord(AUserName[1]) * 666;
    Result := IntToStr(A) + '-';
    A := ABase * Ord(Length(AUserName) div 2) * 123;
    Result := Result + IntToStr(A) + '-';
    A := ABase + (Length(AUserName) * Ord(Length(AUserName))) * 6613;
    Result := Result + IntToStr(A);
  end
  else
    Result := RsError;
end;

With this new serialmaker, the usernames Test1 and Test2 are different.

Good computing ;)

Max

Tags: No tags attached.

Activities

obones

2006-01-08 12:23

administrator   ~0008349

Well, the problem is that the serial number is NOT reliable at all.
And changing the algorithm now means breaking the code of many existing users.
After all, it's not only "test1" and "test2" that give the same result, it's the following regexp that gives the same result:

t?{4}

a t followed by any four characters...
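
An added example (a Python port, not part of the issue thread or of JVCL's code): the GiveSerial body exactly as posted in the description, run over sample names to show which properties of the username actually reach the serial. The base 1234, the sample names, the RS_ERROR placeholder, single-byte characters and 32-bit wraparound for Integer are assumptions.

```python
from itertools import product
import string

RS_ERROR = "<RsError>"  # placeholder: the value of RsError is not shown on the page


def int32(n):
    """Wrap to signed 32 bits (assumption: Delphi Integer with overflow checks off)."""
    n &= 0xFFFFFFFF
    return n - 0x100000000 if n >= 0x80000000 else n


def give_serial(base, user_name):
    """Port of the GiveSerial body posted in the issue description."""
    if base == 0 or user_name == "":
        return RS_ERROR
    length = len(user_name)
    first = user_name.encode("latin-1")[0]   # Ord(AUserName[1]), single-byte string assumed
    a = int32(base * length + first * 666)
    b = int32(base * (length // 2) * 123)    # Ord() of an integer is the integer itself
    c = int32(base + length * length * 6613)
    return f"{a}-{b}-{c}"


def serial_inputs(user_name):
    """The only properties of the name that give_serial reads."""
    return (len(user_name), user_name[:1])


def distinct_serials(base, names):
    """Group names by the serial they produce, to expose collisions."""
    groups = {}
    for name in names:
        groups.setdefault(give_serial(base, name), []).append(name)
    return groups


if __name__ == "__main__":
    BASE = 1234  # constructed sample base
    for name in ("Test1", "Test2", "Tzzzz", "test1", "test2"):
        print(f"{name!r:8} {serial_inputs(name)} -> {give_serial(BASE, name)}")
    # Every 5-character lowercase name starting with 't' (26**4 names).
    names = ("t" + "".join(p) for p in product(string.ascii_lowercase, repeat=4))
    groups = distinct_serials(BASE, names)
    print(len(groups), "distinct serial(s) for", 26 ** 4, "names")
```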

obones

2006-04-04 07:00

administrator   ~0008892

As I said earlier, this will not be changed.

Issue History

Date Modified Username Field Change
2005-10-30 23:13 beckmi New Issue
2006-01-08 12:23 obones Note Added: 0008349
2006-01-08 12:23 obones Status new => feedback
2006-04-04 07:00 obones Status feedback => resolved
2006-04-04 07:00 obones Resolution open => won't fix
2006-04-04 07:00 obones Assigned To => obones
2006-04-04 07:00 obones Note Added: 0008892