Hiding crypto key sin an assemnly...

[Ray Cassick \(Home\)]

Does anyone have any good ideas for hiding a DES key (byte array) from
prying eyes inside of an assembly or is obfuscation the only way?


Right now in my test code I am using a simple array of bytes for my key and
nit vector, but when I try the reflector tool to look at the assembly this
sticks out clear as daylight.

My first thought was to maybe embed a bitmap into the assembly as a resource
that has the bytes set as what I need then I can load the bitmap and read
the bytes from there.

Any other ideas?

 

[Chad Z. Hower aka Kudzu]

Does anyone have any good ideas for hiding a DES key (byte array) from
prying eyes inside of an assembly or is obfuscation the only way?

Obfuscation. But choose wisely, some of them are not very good.


--
Chad Z. Hower (a.k.a. Kudzu) - http://www.hower.org/Kudzu/
"Programming is an art form that fights back"

Empower ASP.NET with IntraWeb
http://www.atozed.com/IntraWeb/

 

[Colin Young]

Security through obscurity? Not a good idea. No matter where you hide the
key, it can be found. As soon as it's been found once, that information can
be passed around to compromise every single installation of your software.

What are you using the key for? With that information it will be easier for
people to provide good answers.

Colin

 

[Ray Cassick \(Home\)]

The key will be used for encrypting a license file.

I understand what you are saying though... I guess just the thoughts of
hading over my code to be mangled up (obfuscated) is still a bit hard to
take.