What I don't get about encryption? Searching memory to find my Key

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

I have been working with encryption. And it seems to me that the IV and Key
are the only things you need to decrypt my data.

I can obfuscate, but my program still needs to 'call' the framework objects
in System.Security.Cryptography. And this call can be searched for. Then
using a program like SoftIce or Heapwalker they can examine the object and
its properties (namely the IV and Key). Having that they can break my
encryption.

Am I missing something?

Even if I slice and dice the key and store it all over the place, it needs
to be assembled before the framework call, right?

Thanks,

Bob
 
B Maxey said:
I have been working with encryption. And it seems to me that the IV and Key
are the only things you need to decrypt my data.

I can obfuscate, but my program still needs to 'call' the framework objects
in System.Security.Cryptography. And this call can be searched for. Then
using a program like SoftIce or Heapwalker they can examine the object and
its properties (namely the IV and Key). Having that they can break my
encryption.

Am I missing something?

Even if I slice and dice the key and store it all over the place, it needs
to be assembled before the framework call, right?
Click to expand...

Yes. This is a fundamental fact about encryption which has nothing to
do with the implementation: if your code doesn't take any extra input
from a source which can't be "snooped on", it can't possibly be
absolutely secure.
 
Back
Top