<p>As noted in the comment to pavium's <a href="https://stackoverflow.com/questions/1356896/how-to-hide-a-string-in-binary-code/1356915#1356915">answer</a>, you have two choices:</p> <ul> <li>Secure the key</li> <li>Secure the decryption algorithm</li> </ul> <p>Unfortunately, if you must resort to embedding both the key and the algorithm within the code, neither is truly secret, so you're left with the (far weaker) alternative of <a href="http://en.wikipedia.org/wiki/Security_through_obscurity" rel="nofollow noreferrer">security through obscurity</a>. In other words, as you mentioned, you need a clever way to hide either or both of them inside your executable.</p> <p>Here are some options, though you need to remember that <strong>none of these is truly secure</strong> according to any cryptographic best practices, and each has its drawbacks:</p> <ol> <li><strong>Disguise your key as a string that would normally appear within the code.</strong> One example would be the format string of a <code>printf()</code> statement, which tends to have numbers, letters, and punctuation.</li> <li><strong><a href="http://en.wikipedia.org/wiki/Cryptographic_hash_function" rel="nofollow noreferrer">Hash</a> some or all of the code or data segments</strong> on startup, and use that as the key. (You'll need to be a bit clever about this to ensure the key doesn't change unexpectedly!) 
This has a potentially desirable side-effect of verifying the hashed portion of your code each time it runs.</li> <li><strong>Generate the key at run-time</strong> from something that is unique to (and constant within) the system, for example, by hashing the MAC address of a network adapter.</li> <li><strong>Create the key by choosing bytes from other data.</strong> If you have static or global data, regardless of type (<code>int</code>, <code>char</code>, <em>etc.</em>), take a byte from somewhere within each variable after it's initialized (to a non-zero value, of course) and before it changes.</li> </ol> <p>Please let us know how you solve the problem!</p> <p><strong>Edit:</strong> You commented that you're refactoring existing code, so I'll assume you can't necessarily choose the key yourself. In that case, follow a 2-step process: Use one of the above methods to encrypt the key itself, then use <em>that</em> key to decrypt the users' data.</p>
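<p>Added example, not part of the original answer: a Python sketch of option 2 combined with the 2-step process from the edit, including the case where the hashed segment changes. The names <code>SEGMENT</code>, <code>derive_kek</code>, <code>wrap_key</code> and <code>unwrap_key</code>, the constructed byte string standing in for a code segment, and the HMAC-SHA256 keystream used in place of a standard key-wrap algorithm are all assumptions.</p>

```python
import hashlib
import hmac

# Constructed stand-in for the code/data segment the program hashes at startup.
SEGMENT = b"\x55\x48\x89\xe5usage: %s [-v] <file>\n\x00\xc3" * 4
TAG_LEN = 16


def derive_kek(segment: bytes) -> bytes:
    """Step 1: the key-encryption key is a hash of the segment, never stored."""
    return hashlib.sha256(b"kek-v1" + segment).digest()


def _keystream(kek: bytes, n: int) -> bytes:
    """HMAC-SHA256 in counter mode; a KEK must wrap only one key."""
    out, counter = b"", 0
    while len(out) < n:
        out += hmac.new(kek, b"wrap" + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:n]


def _tag(kek: bytes, wrapped: bytes) -> bytes:
    """Check value that detects a KEK derived from a modified segment."""
    return hmac.new(kek, b"tag" + wrapped, hashlib.sha256).digest()[:TAG_LEN]


def wrap_key(data_key: bytes, segment: bytes) -> bytes:
    """Build time: ship the existing data key wrapped, followed by a check tag."""
    kek = derive_kek(segment)
    wrapped = bytes(a ^ b for a, b in zip(data_key, _keystream(kek, len(data_key))))
    return wrapped + _tag(kek, wrapped)


def unwrap_key(blob: bytes, segment: bytes) -> bytes:
    """Run time: re-derive the KEK; a changed segment fails the tag check."""
    kek = derive_kek(segment)
    wrapped, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(tag, _tag(kek, wrapped)):
        raise ValueError("hashed segment changed; refusing to return a wrong key")
    return bytes(a ^ b for a, b in zip(wrapped, _keystream(kek, len(wrapped))))


if __name__ == "__main__":
    data_key = bytes(range(32))              # constructed sample key
    blob = wrap_key(data_key, SEGMENT)
    print(unwrap_key(blob, SEGMENT) == data_key)
```

<p>The tag check is what turns "the key changed unexpectedly" into an explicit error instead of silently decrypting user data with a wrong key. The segment and the derivation both ship in the executable, so this remains obscurity, as the answer states.</p>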
 
