Android Question making a key

[Enthousiastic]

Hello , I made a database for mine magazines. I want to give it to my friends but also in strangers to me .For the strangers , I am thinking to make a key like in pc programs with some algorithm.So when the user inputs the right key the database starts.When inputs the wrong key the user will have for example only 5 tries. Then the programs will stop and exit for its environment.
Do you have an idea , how to achieve that ?

Many thanks to all forum in advanced .

 

[Erel]

You can encrypt your database with SQLCipher and ask the user to enter the password. Only if the password is correct they will be able to work with your database.

 

[Enthousiastic]

The above database is an .apk file which is using a db database file.How can I use sqlsipher in .apk file .Sorry for mine ignorance.

 

[Troberg]

The way I've done it in the past is to use a challenge-response mechanism. Basically, it works like this:

* The user gets a random lock sequence (string) on the screen.´
* He contacts you and tells you the text.
* You type in the sequence in program only you have, which generates at key code based on that specific sequence.
* You tell the user the key code.
* The user enters the keycode.
* The client software validates the key.

Now, the clever thing here is that each key code is specific to that specific unlock event. The next time, another lock sequence will be generated, which needs another key, so it doesnt matter if the key is shared.

The algoritm can be fairly simple, say, an xor of the lock sequence, some secret value only you know and some mixed up version of the current date. As the user won't get that many keys, he'll not figure it out.

The downside, of course, is that every unlock requires a contact with you. In my case, it was a large system with few customers, so it wasn't a big problem, but if you hope to havetens of thousands of users, it'll probably be too much.

 

[Troberg]

A small addition to my above post:

It doesn't have to be a bad thing that the user has to contact you. If, as in my case, you have a limited amount of customers which you want to keep good business relations with, any excuse to chat with them is good.