[Message Deleted]

mobius111001

[Message Deleted]

CPallini

mobius111001 wrote:

I want to create a COM object that I will expose to 3rd parties.

Hum, interesting... What has it to do with the C# forum?

If the Lord God Almighty had consulted me before embarking upon the Creation, I would have recommended something simpler. -- Alfonso the Wise, 13th Century King of Castile.
This is going on my arrogant assumptions. You may have a superb reason why I'm completely wrong. -- Iain Clarke
[My articles]

mobius111001

Where else should it go? Does it count I'm writing the COM object in C#?

led mike

CPallini wrote:

What has it to do with the C# forum?

He can't tell you that silly, you don't have proper security clearance. :-\

Jim Crafton

You guys are evil. Funny as hell, but evil nevertheless :)

¡El diablo está en mis pantalones! ¡Mire, mire! SELECT * FROM User WHERE Clue > 0 0 rows returned Save an Orange - Use the VCF! VCF Blog Just Say No to Web 2 Point Oh

led mike

Did you seem my reply in the ASP.NET forum? :-O

Lost User

Do they requirements specify how strong the encryption needs to be? The requirements are unrealistic. It is in fact impossible without relying on user input*. You can use encryption of course, but it will not do anything besides wasting valuable resources. It will bar only the worst pseudo cracker that dares call himself/herself a cracker - and those are not the people that the company should be concerned about. It's impossible because this is not a communication-channel you're trying to protect (where evil Eve only has knowledge about the communication itself), this amounts to trying to protect static data. It's impossible. Even if 3rd party programs have to use a "secret" key. They key is not secret, because the 3rd party program can access it. Thus, so can anyone who has the 3rd party program. Even if it has to, for example, use yet an other key to decrypt the real key. Or a 3rd key to decrypt the 2nd key. Somewhere it will end in a piece of data that is readily available to anyone. That leaves you with user input - that is, requiring that 3rd party software do not store the key inside itself, but asks the user to input it. Sure the users could leak it, but at least the data itself doesn't contain its own key. However, and this is a much bigger problem, the very thing you're trying to protect with such heavy locks is still unprotected. That is, to use it directly requires opening the locks.. but what's to keep anyone from dumping the locks? Decompile(.NET - obfuscators will not stop real crackers)/disassemble(native) the dll, delete the encryption code, and recompile/re-assemble.. The only people you'd successfully protect from, are people from which you have little to fear.

CPallini

:-D

If the Lord God Almighty had consulted me before embarking upon the Creation, I would have recommended something simpler. -- Alfonso the Wise, 13th Century King of Castile.
This is going on my arrogant assumptions. You may have a superb reason why I'm completely wrong. -- Iain Clarke
[My articles]

CPallini

mobius111001 wrote:

Does it count I'm writing the COM object in C#?

Yes, indeed: you lost 100 man points for doing it that way. :)

If the Lord God Almighty had consulted me before embarking upon the Creation, I would have recommended something simpler. -- Alfonso the Wise, 13th Century King of Castile.
This is going on my arrogant assumptions. You may have a superb reason why I'm completely wrong. -- Iain Clarke
[My articles]