saving document with passwords encrypted
-
sample (i have text like this): username:marin;password:12345;lastlogin:12.12.2012; i encrypt it with password(1111) using (http://www.di-mgt.com.au/properpassword.html[^]) and then i have something like: FS238sdshdio92upishSDSDJfssf87s9dSFSSJDJ bla bla bla and i save that "bla bla" into a file somewhere in application directory and when i start application again i decrypt and get info from file. thats safe encryption but what for if annyone can see my application executable code and see with what password i encrypted it! or i am wrong? thanks! ;)
FeRtoll Software.net ------------ E-Mail me WebPage
-
sample (i have text like this): username:marin;password:12345;lastlogin:12.12.2012; i encrypt it with password(1111) using (http://www.di-mgt.com.au/properpassword.html[^]) and then i have something like: FS238sdshdio92upishSDSDJfssf87s9dSFSSJDJ bla bla bla and i save that "bla bla" into a file somewhere in application directory and when i start application again i decrypt and get info from file. thats safe encryption but what for if annyone can see my application executable code and see with what password i encrypted it! or i am wrong? thanks! ;)
FeRtoll Software.net ------------ E-Mail me WebPage
Nope, you're not wrong! A .NET assembly can be reversed with .NET Reflector and can figure out what you did to encrypt it. Tha's what obfuscators are for. And if it was THAT critical, you should probably write the crypt/decrypt code in C++, not managed code.
A guide to posting questions on CodeProject[^]
Dave Kreskowiak -
sample (i have text like this): username:marin;password:12345;lastlogin:12.12.2012; i encrypt it with password(1111) using (http://www.di-mgt.com.au/properpassword.html[^]) and then i have something like: FS238sdshdio92upishSDSDJfssf87s9dSFSSJDJ bla bla bla and i save that "bla bla" into a file somewhere in application directory and when i start application again i decrypt and get info from file. thats safe encryption but what for if annyone can see my application executable code and see with what password i encrypted it! or i am wrong? thanks! ;)
FeRtoll Software.net ------------ E-Mail me WebPage
-
sample (i have text like this): username:marin;password:12345;lastlogin:12.12.2012; i encrypt it with password(1111) using (http://www.di-mgt.com.au/properpassword.html[^]) and then i have something like: FS238sdshdio92upishSDSDJfssf87s9dSFSSJDJ bla bla bla and i save that "bla bla" into a file somewhere in application directory and when i start application again i decrypt and get info from file. thats safe encryption but what for if annyone can see my application executable code and see with what password i encrypted it! or i am wrong? thanks! ;)
FeRtoll Software.net ------------ E-Mail me WebPage
How you encrypt this depends on who you are protecting it from and how important it is. If this is a client-server application, a better option would be storing the encryption key on the server, and randomly generating it the first time the server runs. The client never sees the decrypted information, you just use a different "LoginFromEncryptedCredentials" method that passes the raw encrypted data, which the server decrypts and tries to process. When you want to store credentials, you call "GetEncryptedCredentialsFromServer" and pass it the information you want to encrypt. The key here is that the client machine NEVER sees the encryption key. If the client machine EVER has it in memory, then it can be retrieved. If this is just a client application with no server, and you are saving the current user's credentials, you would be much better served encrypting the file with built-in windows file system encryption. This would hide it from everyone except the current user in a secure fashion.