secret key string visible in dll
From: Tim Mackey (anonymous_at_discussions.microsoft.com)
Date: 04/28/04
- Next message: Ed Hastings via .NET 247: "Similar issue with .NET Security"
- Previous message: Janaka: "Page Level role-based authentication"
- Next in thread: Joe Kaplan \(MVP - ADSI\): "Re: secret key string visible in dll"
- Reply: Joe Kaplan \(MVP - ADSI\): "Re: secret key string visible in dll"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 27 Apr 2004 16:06:02 -0700
hi,
i am using 3des encryption with a secret key to send information between 2 aspnet applications. they both know the key, which is a hard-coded string. i have read about using aspnet-setreg to securely store such a value in the registry, but i have a different query.
if i open the dll in notepad, i can read the secret key, which obviously is no good. i tried changing the code to use a number as the secret key, calling .ToString() on the number. I then recompile and open up the dll in notepad and i can't find the number, which seems better. i don't know a thing about disassembling .net executables, so i'd like to know if the key is safe, hard-coded in the dll, in numeric form?
granted a numeric key has less combinations than a string version, but adding more digits will go some of the way to help that.
thanks for any help
tim mackey.
- Next message: Ed Hastings via .NET 247: "Similar issue with .NET Security"
- Previous message: Janaka: "Page Level role-based authentication"
- Next in thread: Joe Kaplan \(MVP - ADSI\): "Re: secret key string visible in dll"
- Reply: Joe Kaplan \(MVP - ADSI\): "Re: secret key string visible in dll"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
