Brad's Books and Organizations

Books

Books

Organizations

Organizations

Hi, I’m Brad Feld, a managing director at the Foundry Group who lives in Boulder, Colorado. I invest in software and Internet companies around the US, run marathons and read a lot.

« swipe left for tags/categories

swipe right to go back »

Authorization Code Scheme

Comments (16)

F3EL7-T3YL2-MBN5P-ZQI6R-YE8PI

Ever type that into a pop up box on your computer when installing software?  If not, you’ve never installed anything from Microsoft (or many other companies) – at least not legally. 

This morning I was copied on an email from my partner Ryan McIntyre to a company we are talking to about funding that said:

“I use Pro Tools and other pro audio software regularly and since the SW is quite expensive, the SW vendors go to great lengths to use copy-protection, and most audio plugins and applications (and there are dozens) have some sort of authorization code scheme, ranging from friendly to downright byzantine.  It drives me nuts, but my constant exposure to it means I’ve formed some opinions about what is “easy” when it comes to entering authorization codes.  The easiest plug-ins (authorization-wise) in the audio world use alphabetical codes broken up into strings of words, so instead of the longs strings of numbers, you get long strings of words, which are much easier for a human to enter without a mistake.  A couple code examples might be:

HOUSE-BIRD-TRUCK-DRUM
FLINT-TRUE-SWORD-CALL

You get the idea.  I’m assuming third-part auth-gen packages must exist to generate codes like these that give you a big enough address space yet also make guessing authorizations relatively difficult.  And that you could relatively easily change your process at the manufacturer for associating MAC addresses with device IDs.”

I prefer auth-codes that are haikus.  I wonder if there’s a patent on this?

  • http://intensedebate.com/people/gturpin gturpin

    The idea of auth-code haiku seems appropriate, given that I have to be in a Zen-like state to successfully enter the typical alphanumeric auth-codes.

  • http://intensedebate.com/people/rlevine Rick Levine

    $ cat /usr/share/dict/words | egrep '^[a-z]{3,8}$' | wc -l

    76025

    Five words gives us a namespace of 10E24. We can burn 10E15 for Haiku generation and still have plenty of rope.

    Implementation hints:

    http://www.oblomovka.com/code/haiku/haiku
    http://www.spatch.net/emily/haiku.shtml

    prudent-word-choice-calms-typist

  • http://intensedebate.com/people/bfeld Brad Feld

    I-LOVE-SETH-ELLIS-CHOCOLATES.  Rick – you are hilarious, nerdy, and a haiku artist.

  • http://intensedebate.com/people/rlevine Rick Levine

    Best prototype gets a large box of our chocolates. Brad's the judge.

  • Todd

    Most pro audio software dumped challenge/response years ago and went to the iLok dongle (http://www.ilok.com). I know Pro Tools and all the Digidesign software uses iLok, as well as Waves. When I worked in this industry, the only non-iLok vendors were the small shops who couldn't afford to license iLok.

    It's ironic that the industry which complains the most about intellectual property has one of the worst track records in respecting other peoples IP.

    • http://intensedebate.com/people/ryan4747 Ryan

      Todd, right you are about the iLok, the USB dongle that stores your authorizations for ProTools and other audio software. Now that pretty much all plugin vendors (it took a while for AutoTune and Waves to get with the program) support iLok, it is very handy since you can take your authorizations to another machine in another recording studio and be able to use your plugins there too.

      But, several of the plugins that support iLok still use a code-based authorization scheme to generate your iLok authorization and place it in your account at iLok.com before you can load the iLok auth onto your iLok USB key.

  • http://tedhoward.com Ted Howard

    Have you ever entered a pre-paid code on an Xbox 360 using the standard controller and on-screen keyboard? I have. Many times (because it was free for MSFT FTE's in games). Every time I do it, I wish that the codes were designed to be more easily entered through that unique HCI.
    One of my better thoughts was that if everyone was always guaranteed to have a webcam, just make a visual code. Even without that, put a little OCR into it and have the webcam translate from print to digital text.

  • http://intensedebate.com/people/bfeld Brad Feld

    Yes – I agree that it’s a total nightmare.  Last night on 24 the President used a webcam to sign an executive order digitally.  I can’t wait.

  • http://intensedebate.com/people/joshfraz Josh Fraser

    you beat me to it. i was about to post the same thing.

  • http://intensedebate.com/people/sethlevine675 sethlevine

    confusing keys blow
    like the wind through blooming trees
    go away key now

  • http://intensedebate.com/people/pete_warde41961 Pete Warden

    I love Haddock for its memorable password generation:
    http://stephencelis.com/2009/03/29/whats-the-pass
    After haiku, lets shoot for iambic pentameter.

  • http://www.myspace.com/swindeorin Swin Deorin

    i have reaktor 5 and i cant get a authorization code for it
    if you have any help it would be appreaciated

  • Car insurance claims >> http://onlinecarinsuranceclaims.com/

    [... - http://www.feld.com is other nice authority of tips. Online Car insurance claims [… -

  • http://www.convertmodfiles.biz mod converter

    This article is very interesting. Thank you very much for sharing .

  • Pingback: affordable auto insurance california

  • Pingback: limousine hire London

Build something great with me