Hash collisions happen.
The real solution is to NOT use a generation algorithm for keys. Generate strings, then approve only those you actually sell and distribute.
Software installation/runtime checks locally against the generation algorithm, allowing for offline installations, bundled installers, old version installs, use in 50 years after all the servers are gone, etc.
Updates ask for your key and the server decides if it's valid (an approved string that hasn't been used by thousands of PCs across the net).
Allow manual updates from pre-downloaded files for offline use, use after the servers are gone, bundled installers, etc. If you want to be nice, allow anyone to download these updates, perhaps after some time period, or perhaps only when the software is EOL.