That may appear 'flip' but without any way of knowing how you would determine if a code is or is not valid that is about all anyone could do here.

You could...
- Have a list of all valid codes in your program and test using
Or, you could store all valid values in a text file...
.. and just compare the input to see if that value is in the text file.

Or you might have some algorithm you use with check digits or something.

The bottom line is, you need that "business rule" before you can even think about writing your IsCodeValid() function.

MCM

I suppose it's the business rule I'm looking for then.

Well, I just generate more-or-less random serial numbers, and store em in a file after checking to make sure they are not duplicated.

No muss, no fuss, no bother.

I think you can use the GUID functions to generate guaranteed unique values. You could store those in file, too.

MCM

The problem with that is I'd have to store those numbers in the code.

I'd rather compute something...
or actually do a computation on someting to check it....

Paul, do not store serial numbers in your code. Store their hash values instead.
If the user enters his serial number, calculate the hash value of that serial number (using SHA-1, SHA-256 or other (see source code forum)). Compare the calculated hash value with the hash values stored in your code.
If there is a match, the serial number is valid. If no match, serial number is not valid.
The advantage of storing hash values rather than serial numbers itself in your code, is that no hacker can find a serial number inside your code by disassembling it, because there aren't any.
And if he would find a hash value in your code, he would not be able to derive a valid serial number from it (if you are using a secure hash algorithm like the ones mentioned above).

The problem is, schemes like these are usually 'broken' because the hacker looks at the code where you compare the calculated hash value with the stored one. He changes the lines:
into:

and he could run your program without knowing the serial number.
Of course, above scheme works just fine for your average computer user. It is ideal to 'keep honest people honest'...

Kind regards

Paul,
how about something like this:
Just choose your own bignum and offset.

Paul.

This is about as low-security as I could think of off-hand.

How about just a simple checksum routine? The key generator randomizes all but the last byte/word, which is calculated to make it all equal some checksum of your choosing.

If it needs to be a little more impressive than just a hex string, tart it up by converting some hex codes to letter pairs, and just reverse that before testing.

You might try something like the Canadian Social Insurance Number(others may be similar) where the number itself contains the check. There are several ways of doing this, and they can be overlapped.
Example:--simple
123 456 789 -keep summing the digits until you are reduced to one digit.
45
9
Example:--overlapped
123 456 789 -keep summing the digits of the first 6 and the last 6- two check numbers
21 39
3 12
3 3

223 336 123
25
7
223 336 123
19-6
10-6
1-6
Although not 100% reliable, it will give you a margin of safety, increasing with the summing pattern. You would generate the number according to the checking system that matches the check number, in the case of the simple version you could use the number of your choice, say 6, and create code numbers that reduce to 6.
Alternatively, you could make the numbers reduce to the last or first number of the access code, there again, your choice. As in the first example above.
You may be able to incorporate the ascii values of letters to allow alphanumeric access codes.(Haven't tried that.)

All you have to do is think of what you want the code to contain (issue number, date, product id, etc) and write an encoding/decoding scheme and a keygen.

I really would have to question the purpose of a 'random' key scheme, it is extremely easy to crack.

This is for a library I'm selling. So the user (programmer) will be passing their "key" to my DLL before using other functions. So I want to keep the overhead low....

I want to be able to issue "keys" just as a verification. If they start passing it around, so be it The other option is to have NO verification.

The users will want support and updates and if I find the DLL in use somewhere then I can see who's code is calling it and tack it back.

For the most part the group of programmers are honest..<g>

That's what I'm looking for. Just hadn't written one before and figured something like this must already exist in all the code snippets around.

The ISBN formula is pretty standardized. If you're creating the base number, then you can avoid numbers that generate a check digit of "X" to not give it away.