It is impossible to do this without getting a shared secret (ex: password) from an outside source (ex: user, SMS, etc).
Everyone has access to your entire program. If no outside information is used, it will always be possible for someone to send a forged packet that looks like it came from your application.
Typically you can send a single verification string to the user via email or SMS that they can then enter into the application. If the string is only valid for a short amount of time (say 5 minutes) then it does not have to be extremely long.
To create a temporary key from this string you hash it. You then use this temporary key to prove to the server that you are who you say you are, and obtain a long-term key from the server and store it in a safe place.