Product key

This sequence is typically entered by the user during the installation of computer software, and is then passed to a verification function in the program.

This function manipulates the key sequence according to a mathematical algorithm and attempts to match the results to a set of valid solutions.

Because of this, software publishers use additional product activation methods to verify that keys are both valid and uncompromised.

Another method involves requiring one-time or periodical validation of the product key with an internet server (for games with an online component, this is done whenever the user signs in).

The server can deactivate unmodified client software presenting invalid or compromised keys.

The cryptographic algorithm used to encrypt the Installation ID is a proprietary four-round Feistel cipher.

The round function of the cipher is the SHA-1 message digest algorithm keyed with a four-byte sequence.

The mapping between the Product ID in decimal representation and its binary encoding in the double words P1 and P2 and the byte P3 is summarized in the following table.

wpa.dbl is the RC4-encrypted database that stores, expiration information, the confirmation ID of an activated installation, the bit-field values representing the current hardware configuration, and the bit-field values representing the hardware configuration at the time of product activation, etc.

If more than three of these ten bit-fields have changed in the current hardware configuration since product activation, re-activation is required.

If bit 31 of H2 indicates that our computer supports a docking station, only seven of the ten bit-fields mentioned above are compared.

The bit-fields corresponding to the SCSI host adapter, the IDE controller, and the graphics board are omitted.

Some of the most effective product key protections are controversial due to inconvenience, strict enforcement, harsh penalties and, in some cases, false positives.

For example, all copies of Splinter Cell: Pandora Tomorrow originally shipped to Australia without product keys.

It is common for an online system to immediately blacklist an account caught running cracks or, in some cases, cheats.

[citation needed] Particularly controversial is the situation which arises when multiple products' keys are bound together.

Similarly, with Valve's Steam service, all products the user has purchased are bound into the one account.

[citation needed] Bans are enforced by servers immediately upon detection of cracks or cheats, usually without human intervention.

[citation needed] A common cause of false positives (as with the World of Warcraft case above) is users of unsupported platforms.

For example, users of Linux can run Windows applications through compatibility layers such as Wine and Cedega.

Product key on a Proof of License Certificate of Authenticity for Windows Vista Home Premium