I look forward to the Russian realms going live, so I don't have to PuG with russians who refuse to speak in English.

Yeah because keygens are a secure and uncrackable form of copy protection in pc programs!

lol

Who said anything about keygens? It is a RSA-like generator. 6 digits translates to 1,000,000 possible combinations, or about 20-bit encryption. Further, Blizzard doesn't even need to share the public key for the encryption which makes it even harder to break, the clocks are set to an unknown starting point, counting seconds.... which makes it even more of a challenge for would-be code crackers.

Nah... I'd say that for a video game, this is more than adequite. It would take someone cracking the code 2 to the 20th power in complexity to crack the code, while the authenticator can generate one much easier. It works against the code-breaker, since to really be able to crack it with any real chance, the person cracking the code would need to know the public key for the encryption, and the starting point of the counter. Knowing which algorithm might also be useful, but I'd say it is a safe assumption that it is using the open, and currently best available security standard of the RSA (used in SSL applications, like https, ssh, sftp, etc.) algorithm to generate the code.

This is the same method uses to generate the keys for your software, their just done in the factory. If you can work out the algorythm (by having a half dozen keys or the encoder) or the starting number you can quite easily crack them and produce your own working keys.

The algorithm is the key. When dealing with encryption, the entire *point* is to make it easy to encode/decode the data correctly, while making it more difficult to brute-force your way in.

With CD-Keys, they are set to unique for a certain CD. There is one, and only one code for that CD, and once you know it, you don't even need to know what the code is, you can use it repeatedly and it works. That is why the CD-Keys tend to not work. That, and many of them use substandard algorithms that are pretty easy to crack (comparatively speaking). The RSA algorithm is currently the industry standard, and provides a Log base 2 of the complexity for encoding & decoding the sequence, while it provides a 2 to the power complexity for cracking. Basically, the more bits, the more significantly difficult it is to crack compared to encode/decode correctly. This is why I'm tending to think that the standard algorithm will be used, it is used widely in many different arenas, to include any secure web transactions (https), secure shell, FTP, and copy protocols (SSH, SFTP, and SCP) used most often with POSIX-based OS'es like Linux or OS X, and ported to Windows, all of these use the Secure socket Layer (SSL) mechanic to encode/decode through the use of the RSA algorithm. Heck, the WPA and WPA2 (802.11i) wireless encryption systems are modeled after the RSA algorithm.

The huge difference between how this functions, and how a CD-key functions, on a security level, is that this is a code that changes constantly. The same number sequence can't be used twice in a row. So having a list of "Keys" to test won't really work... You'd need a list of every single number from 000000 to 999999... and that's a lot of numbers you have to check... and you can bet that a 3-strikes rule is in place, that is... if you get it wrong 3 times in a row, Blizzard will notify the account owner, and might take action or at least pay close attention to the account, and at the very least block the account from being accessed for several minutes.

As someone who has done cryptographic software development, and have worked with various algorithms, both writing software that uses them, as well as software that tries to get around them... if Blizzard is doing this intelligently, and i seems that they are.... the code-crackers will find this to be an extreme problem to deal with. At best, they'd be seeking out how to circumvent the implementation of the system, not brute-force attempting to crack the code directly.