Thanks for the information I will and have been looking into your suggestions. See what you think of these and I'll check back in a couple of days. #Encrypto decrypt key iv software#When the user runs the software they enter the information they provided, and the software generates the same key, and then stores it in the Windows CSP (like a database for keys inside Windows). Perhaps the user of the software gives you some information and you combine that information with your own to create a key that you encrypt the data. Some how you need to ship the key with the data and thats the problem. perhaps there is something else, because the encryption is being done at design time it makes this a bit more tricky. There might still be a key involved but you could base that key on a labels text or the applications name or something else that might not be completely obvious. Ok crackable, not 100% secure, but they could be good enough. There are the usual ones Ceaser cipher is generally well known but there are a few. Let me think about this for a little bit, my first impression though is perhaps a substitution cipher might be better that a secret key cipher. I would appreciate some advice from all on what I can do to separate these keys from the encrypted values a little better. dlls would obfuscate properly (web service. I tried using Dotfuscator, and had some success but not all of my. They are internal only and it would be a feat just to be able to access them, but just on principal I want a better solution to storing the keys. dlls that have this data are not easily accesable so that is something to keep in mind. A hacker would just need to figure out the algorithm used to continue. I can use a decompiler and see both the encrypted values and if I know where to look the key and IV too. #Encrypto decrypt key iv code#I currently have both the encrypted values and keys in the code (separated not to be too obvious), but still I know this is not the solution. I have seen reccomendations for database storing, web.config, registry storing, storing in code and then using a tool like Dotfuscator, and more. It is a difficult thing to search for and I have seen some compex answers that I do not understand. My dilema is where to store the key and IV. I am using the 'TripleDESCryptoServiceProvider' for encryption/decryption in.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |