So he's going to enter all the thousands of keys we've flooded in just to find one that works.
uh k.
The point of flooding in realistic looking ones is to hide the real ones. Thus saving people who fall for this.
No.
Valid keys follow a certain numbering scheme. For example, in a valid credit card number, all the digits add up to a certain number. This makes it very easy to check if a number is valid without having to authenticate it with a server
I don't know the numbering scheme with keys, but if you do, you can just write a script that will go through all the keys and throw away any that don't conform to this scheme, making spamming the form with completely random keys pointless
Conversely, if you do know the scheme, you can generate random keys according to this scheme that couldn't be thrown out by an automated script