Posted by LAMP90 on September 16, 2007, 5:02 am
On Microsoft and most other 25 character-based product keys, I know not all
26 letters of the alphabet are used, but cannot find documentation as to
which ones are suppressed. Suspect that I and O are out, as they look much
like numbers 1 and 0, for instance.
Any pointers?
Posted by Alex K. Angelopoulos (MVP) on September 16, 2007, 11:46 am
Of the 36 Latin letters and Arabic numerals used in most Western European
languages, 24 appear to be used for current product codes and 12 are not.
The 24 used are:
2346789BCDFGHJKMPQRTVWXY
The 12 unused are:
015AEILNOSUZ
Depending on the font and letter case used, this reduced set is generally
unambiguous, but knowing which members it contains definitely can be useful.
Microsoft generally uses uppercase for printing/display of the keycodes, and
it does look like these were specifically selected to minimize chance of
confusion and also, I believe, to avoid accidentally producing
offensive-looking character sequences. The pattern is easiest if you look at
the unused characters like this:
015 AEIOU LNSZ
The numerals 015 could all be confused with letters easily. By eliminating
AEIOU, the chances of producing something that looks like a word in almost
any language using the Latin alphabet are minimal. The 4 unused consonants,
LNSZ, further eliminate possible confusion if you aren't aware of the
character set, have written them in lowercase, or have printed them in a
fairly blocky typeface - without S you won't try to write 5, and without Z
you always know that a similar shape is really 2.
By the way, being told this set really doesn't help anyone who would be
performing a brute-force crack attempt to generate key codes. It isn't just
that the base of possible codes is large (about 3.2 * 10^34). With the
length of individual key codes, if you have access to at least half a dozen
Microsoft keycodes, anyone who can do simple character sorting can not only
tell what the base character set is, but that the distribution is
approximately random.
> On Microsoft and most other 25 character-based product keys, I know not
> all
> 26 letters of the alphabet are used, but cannot find documentation as to
> which ones are suppressed. Suspect that I and O are out, as they look
> much
> like numbers 1 and 0, for instance.
> Any pointers
Posted by Joan Archer on September 16, 2007, 4:35 pm
I've never had any problems reading them but they leave in the 24 used set
the number 8 and letter B which people are told not to confuse as they are
similar.
I would have thought they could have been left out so as not to cause
problems.
Joan
Alex K. Angelopoulos (MVP) wrote:
> Of the 36 Latin letters and Arabic numerals used in most Western
> European languages, 24 appear to be used for current product codes
> and 12 are not.
> The 24 used are:
> 2346789BCDFGHJKMPQRTVWXY
>
> The 12 unused are:
> 015AEILNOSUZ
>
> Depending on the font and letter case used, this reduced set is
> generally unambiguous, but knowing which members it contains
> definitely can be useful. Microsoft generally uses uppercase for
> printing/display of the keycodes, and it does look like these were
> specifically selected to minimize chance of confusion and also, I
> believe, to avoid accidentally producing offensive-looking character
> sequences. The pattern is easiest if you look at the unused
> characters like this:
> 015 AEIOU LNSZ
>
> The numerals 015 could all be confused with letters easily. By
> eliminating AEIOU, the chances of producing something that looks like
> a word in almost any language using the Latin alphabet are minimal.
> The 4 unused consonants, LNSZ, further eliminate possible confusion
> if you aren't aware of the character set, have written them in
> lowercase, or have printed them in a fairly blocky typeface - without
> S you won't try to write 5, and without Z you always know that a
> similar shape is really 2.
> By the way, being told this set really doesn't help anyone who would
> be performing a brute-force crack attempt to generate key codes. It
> isn't just that the base of possible codes is large (about 3.2 *
> 10^34). With the length of individual key codes, if you have access
> to at least half a dozen Microsoft keycodes, anyone who can do simple
> character sorting can not only tell what the base character set is,
> but that the distribution is approximately random.
>
>
>> On Microsoft and most other 25 character-based product keys, I know
>> not all
>> 26 letters of the alphabet are used, but cannot find documentation
>> as to which ones are suppressed. Suspect that I and O are out, as
>> they look much
>> like numbers 1 and 0, for instance.
>> Any pointers
Posted by Alex K. Angelopoulos (MVP) on September 17, 2007, 6:42 am
> I've never had any problems reading them but they leave in the 24 used set
> the number 8 and letter B which people are told not to confuse as they are
> similar.
> I would have thought they could have been left out so as not to cause
> problems.
> Joan
>
That's the one pair that bothered me the most - B/8 really are easy to
confuse if your eyes or the font are less than perfect!
I have noticed that they seem to use a font where the 8 looks like two
stacked squares, with the top one smaller than the bottom one, possibly to
help distinguish this pair.
Posted by LAMP90 on September 16, 2007, 5:22 pm
Thanks so much for your response, Alex. I do concur with your idea of
readability and also avoiding "offensive" words in any Latin-alphabet
language. As for its random distribution, cryptographic theory says that a
good cypher output is supposed to have such a random distribution.
By the way, that is the reason it is a very bad idea to encrypt first and
then try to compress a stream of plaintext. And, it is a very good idea to
compress first and then encrypt, as compression also increases randomness of
plaintext prior to encryption.
To clarify for other participants, and as you yourself put it, my question
is actually related to security, but not in an obvious way.
Product keys are a way of access control: only those who are entitled are
supposed to get them, and they must be otherwise hard to "hack". Thus, you
have access control. And, access control is part of security, so, out of all
themes in existing Microsoft newsgroups, this is the closest one I found
where it would be appropriate to ask my question.
Access control is not just about restricting those who are not entitled, but
ensuring access to those who are.
It would be nice if there were already some written guidelines for this
subject. I still cannot find anything about it.
In the Engineering firm where I worked, we also had rules about not using
certain characters of the alphabet because of the possible confusion you so
aptly pointed out. Those rules were pretty well established back in the
'50s; it is just that nobody was able to tell me where those rules came from.
So, suppressing certain characters seems to come from guidelines or best
practices coded long before cryptography-based product keys started to be
used by Microsoft.
As to the purpose of my question, it is mostly general knowledge.
I am building my own product key generator for my personal internal use, to
have some fun research with public-key cryptography, and to allow multiple
(more than 2) recovery agents for the key pairs I generate (PK crypt theory
says it is possible). Don't care to find valid MS product keys for any
product (unlike some hacker that recently made news with Windows Vista, that
you seem to implicitly refer to).
And, as you rightly pointed out, the letters and digits being suppressed
allow for better readability. I wanted my keys to also be at least as
user-friendly as Microsoft's, and did not feel like reinventing the wheel and
reinventing it square!
On the other hand, neither Microsoft nor anyone else can claim patents or
any other intellectual property on this, because I do have access to prior
art (in the form of engineering specifications and best practices) that are
already in the public domain and that implicitly show this readability
guideline.
Finally, I think I will stick to all digits and prune look-alike characters.
Will leave the vowels alone for now.
Again, thanks so much for your response.
P.S.: I thought MS would use a power-of-two character set for their product
keys, like 32 characters, since it maps much easier into binary than 24
characters. I guess readability trumped over convenience!
"Alex K. Angelopoulos (MVP)" wrote:
> Of the 36 Latin letters and Arabic numerals used in most Western European
> languages, 24 appear to be used for current product codes and 12 are not.
>
> The 24 used are:
> 2346789BCDFGHJKMPQRTVWXY
>
> The 12 unused are:
> 015AEILNOSUZ
>
> Depending on the font and letter case used, this reduced set is generally
> unambiguous, but knowing which members it contains definitely can be useful.
> Microsoft generally uses uppercase for printing/display of the keycodes, and
> it does look like these were specifically selected to minimize chance of
> confusion and also, I believe, to avoid accidentally producing
> offensive-looking character sequences. The pattern is easiest if you look at
> the unused characters like this:
>
> 015 AEIOU LNSZ
>
> The numerals 015 could all be confused with letters easily. By eliminating
> AEIOU, the chances of producing something that looks like a word in almost
> any language using the Latin alphabet are minimal. The 4 unused consonants,
> LNSZ, further eliminate possible confusion if you aren't aware of the
> character set, have written them in lowercase, or have printed them in a
> fairly blocky typeface - without S you won't try to write 5, and without Z
> you always know that a similar shape is really 2.
>
> By the way, being told this set really doesn't help anyone who would be
> performing a brute-force crack attempt to generate key codes. It isn't just
> that the base of possible codes is large (about 3.2 * 10^34). With the
> length of individual key codes, if you have access to at least half a dozen
> Microsoft keycodes, anyone who can do simple character sorting can not only
> tell what the base character set is, but that the distribution is
> approximately random.
>
>
> > On Microsoft and most other 25 character-based product keys, I know not
> > all
> > 26 letters of the alphabet are used, but cannot find documentation as to
> > which ones are suppressed. Suspect that I and O are out, as they look
> > much
> > like numbers 1 and 0, for instance.
> > Any pointers
>
>
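An added example, not part of any post in this thread and not Microsoft's scheme: a base-24 codec over the 24-character set quoted above, showing how 25 symbols map onto a whole number of bits and how a typed character from the excluded set is caught on input. The function names, the hyphenated 5x5 grouping and the random payload are assumptions made for the illustration.

```python
import math
import secrets

# The 24-character set quoted in the thread.
ALPHABET = "2346789BCDFGHJKMPQRTVWXY"
BASE = len(ALPHABET)   # 24
KEY_LEN = 25
# Largest whole number of bits that always fits in 25 base-24 digits.
PAYLOAD_BITS = math.floor(KEY_LEN * math.log2(BASE))   # 114


def encode(value: int) -> str:
    """Encode a non-negative integer as a 25-character key in groups of 5."""
    if not 0 <= value < BASE ** KEY_LEN:
        raise ValueError("value does not fit in 25 base-24 digits")
    digits = []
    for _ in range(KEY_LEN):
        value, rem = divmod(value, BASE)
        digits.append(ALPHABET[rem])
    text = "".join(reversed(digits))   # most significant digit first
    return "-".join(text[i:i + 5] for i in range(0, KEY_LEN, 5))


def decode(key: str) -> int:
    """Decode a key, rejecting any character outside the 24-symbol set."""
    text = key.replace("-", "").replace(" ", "").upper()
    if len(text) != KEY_LEN:
        raise ValueError(f"expected {KEY_LEN} characters, got {len(text)}")
    value = 0
    for pos, ch in enumerate(text):
        idx = ALPHABET.find(ch)
        if idx < 0:   # e.g. O, 0, I, 1, S, 5: always a typing error
            raise ValueError(f"character {ch!r} at position {pos} is not in the set")
        value = value * BASE + idx
    return value


def new_payload() -> int:
    """Random 114-bit payload (hypothetical stand-in for a real key body)."""
    return secrets.randbits(PAYLOAD_BITS)


if __name__ == "__main__":
    key = encode(new_payload())
    print(key, "round-trips:", decode(key) == decode(key.lower()))
    print(f"keyspace 24^25 = {BASE ** KEY_LEN:.2e}, usable bits = {PAYLOAD_BITS}")
```

A 32-symbol set would carry exactly 125 bits in the same 25 characters with no fractional bits left over, which is the convenience the P.S. refers to.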