Yes, I think you're right. From what I've read, many anti-piracy software applications do this - even Windows does this to verify a purchased version of Windows (they use 10 different hardware IDs to produce a hash). The only problem is: if the user changes their hard drive, or wireless device, etc., the hash will change. So I'll need to be more forgiving and create a 'verification measure'. Hash BIOS UUID and hard drive serial, hash Ethernet MAC address and something else, and so on. If 4 out of 5 hashes match (a 'verification measure' of 4/5) then we have correctly identified the user.
Something along these lines appears to be a good enough compromise of security and legitimate hardware modifications.
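The 4-out-of-5 matching described in the post above, as an added example that is not part of the original post. The field names beyond BIOS UUID, hard drive serial and Ethernet MAC, the choice of HMAC-SHA256 with an application key, and all sample values are assumptions.

```python
import hashlib
import hmac

# Hypothetical grouping: the post names only BIOS UUID + hard drive serial and
# Ethernet MAC + "something else"; the remaining field names are assumptions.
GROUPS = [
    ("bios_uuid", "disk_serial"),
    ("eth_mac", "cpu_id"),
    ("board_serial", "gpu_id"),
    ("ram_serial", "os_volume_id"),
    ("wifi_mac", "audio_id"),
]

def group_hashes(hw, key):
    """Return one keyed hash per group, or None where an identifier is missing."""
    out = []
    for names in GROUPS:
        values = [hw.get(n) for n in names]
        if any(not v for v in values):
            out.append(None)  # an unreadable component never counts as a match
            continue
        # Normalise case/whitespace; the separator keeps "ab"+"c" != "a"+"bc".
        msg = "\x1f".join(v.strip().lower() for v in values).encode()
        out.append(hmac.new(key, msg, hashlib.sha256).hexdigest())
    return out

def verification_measure(enrolled, current):
    """Count the groups whose hashes match (constant-time compare per group)."""
    return sum(
        1 for a, b in zip(enrolled, current)
        if a is not None and b is not None and hmac.compare_digest(a, b)
    )

def same_machine(enrolled, current, threshold=4):
    """Apply the post's rule: at least 4 of the 5 group hashes must match."""
    return verification_measure(enrolled, current) >= threshold

# Constructed sample data, not real identifiers.
KEY = b"example-app-key"
ORIGINAL = {
    "bios_uuid": "4C4C4544-0000-1010-8000-EXAMPLE00001", "disk_serial": "WD-EXAMPLE0001",
    "eth_mac": "00:1A:2B:3C:4D:5E", "cpu_id": "CPU-EXAMPLE-01",
    "board_serial": "MB-EXAMPLE-01", "gpu_id": "GPU-EXAMPLE-01",
    "ram_serial": "RAM-EXAMPLE-01", "os_volume_id": "VOL-EXAMPLE-01",
    "wifi_mac": "00:1A:2B:AA:BB:CC", "audio_id": "AUD-EXAMPLE-01",
}
ENROLLED = group_hashes(ORIGINAL, KEY)
```

The groups are disjoint on purpose, so replacing one component changes exactly one hash; an identifier reused across groups would cost several matches for a single hardware change.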