Re: Strong Names Secure???

From: Dominick Baier [DevelopMentor] (dbaier_at_pleasepleasenospamdevelop.com)
Date: 09/16/05

• Next message: vla10d_at_gmail.com: "Re: Importance of salt"
• Previous message: William Stacey [MVP]: "Re: Importance of salt"
• Maybe in reply to: Nicole Calinoiu: "Re: Strong Names Secure???"
• Next in thread: Nicole Calinoiu: "Re: Strong Names Secure???"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Thu, 15 Sep 2005 22:16:16 -0700

Hello vishal,

well - then don't ship them. as soon as you give me your binaries, they are
mine and i can do whatever i like. And if i want to hack the CLR to turn
of validation at all, i am fine, too.

There is no solution to this problem. There never was.

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

> I would like to secure my assemblies.I would not like the users going
> in and making changes in my assemblies.Once released i would like that
> my assemblies be tamper proof.
>
> Thanks,
> Vishal
> "Nicole Calinoiu" wrote:
>
>> "VISHAL" <VISHAL@discussions.microsoft.com> wrote in message
>> news:D864B187-6231-4B01-9AF8-81E3608217EA@microsoft.com...
>>
>>> According to this article it is very easy to break strong names
>>>
>>> http://www.codeproject.com/dotnet/NeCoder03.asp
>>>
>> Removal of a strong name from an assembly does not constitute
>> "breaking" of the strong name mechanism.
>>
>>> Is there a way other than strong names to secure .Net assemblies
>>>
>> Exactly what kind of "securing" are you interested in applying?
>> Against what threat(s) are you attempting to protect the users of
>> your assemblies?
>>

---

• Next message: vla10d_at_gmail.com: "Re: Importance of salt"
• Previous message: William Stacey [MVP]: "Re: Importance of salt"
• Maybe in reply to: Nicole Calinoiu: "Re: Strong Names Secure???"
• Next in thread: Nicole Calinoiu: "Re: Strong Names Secure???"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: Identical binaries from same source code ... I wouldn't set the GUIDs and times to zero - I'd choose ... appropriate values and always reuse those. ... We don't need to sign the assemblies. ... of the binaries, so long as you could explain that they don't affect ... (microsoft.public.dotnet.languages.csharp) Re: Identical binaries from same source code ... I meant we prefer to use well tested third libraries rather than ... manually parse the binaries by ourselves. ... the fact that the assemblies *aren't* signed makes it simpler. ... (microsoft.public.dotnet.languages.csharp) RE: ASP.Net 1.1 shadow copy + reflection problem ... I use SC explicitly since I need to load libraries ... the bin then SC would be on by default and the binaries would not be locked. ... I needed to be able to update the binaries and so I activated the SC ... Now I am experimenting strong naming the assemblies since I read that if you ... (microsoft.public.dotnet.framework) Side-by-side examples ... I have a collection of binaries that are developed in VS2005. ... system registers these binaries and uses COM to interact with them. ... Side-by-side assemblies seem to be a good choice. ... some sample code/examples would be very helpful. ... (microsoft.public.dotnet.framework.interop) Re: Is it possible? ... Compact Framework assemblies can be written in C# or VB only. ... The CF can only run assemblies bult for it. ... FFx assmeblies can consume both FFx and CF assemblies. ... Native binaries are not portable between the desktop and CE ... (microsoft.public.dotnet.framework.compactframework)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(18)