1

I'm currently developing a WPF project, the project is divided into layers. And one of the layers (class library) is called Security, that contains defined constants that I use as some key encryptions that use.

My question is, how can I protect these strings to any developer make reverse engineer?

Is there a secure way?

Thanks!

Gunner
  • 5,780
  • 2
  • 25
  • 40
Michel Andrade
  • 4,056
  • 5
  • 27
  • 28
  • You can use an obfuscator which encrypts strings but along with the encryption of the strings, the obfuscator has to embed the decryption methods. Someone who is not experienced enough will not be able to reverse easyly, but there is always a way. – Alex Mendez Nov 19 '12 at 03:09
  • So there is no safe way to create secure applications in .NET? – Michel Andrade Nov 19 '12 at 03:14
  • This is related to http://stackoverflow.com/questions/6018215/how-to-obfuscate-string-constants So it's more about putting the string constant in other place, either as a web service, or hashing them – Martheen Nov 19 '12 at 03:17
  • 2
    It's not necessarily .NET's fault. What you are asking is if you can give someone the key, but prevent them from finding it. It doesn't matter which language you use, there is always a way. Otherwise, DRM wouldn't be cracked so easily for example – Alan Nov 19 '12 at 04:09

1 Answers1

2

You can develop secure applications in .NET :) Obfuscation should not be confused with security - it is by far most basic form of it, but not the only form. For example, you could code up your Security library to be initialized by a encryption key string that stored in Isolated Storage that belongs to a user and is created there when your application first runs. In turn, you can generate keys for each user by using something like this: Is a GUID a good key for (temporary) encryption?

Community
  • 1
  • 1
Dmitry Frenkel
  • 1,708
  • 11
  • 17