Secure DLL
-
Hi, Does somebody know a secure solution to ensure that the DLL an application is talking to hasn't been replaced with a fake one? I am thinking about implementing a "handshaking" procedure. With this method, the application sends a "challenge" random message to the DLL. The DLL responds with a value calculated using a one-way hash function. The application checks the response against its own calculation of the expected hash value. If the values match, the authentication is acknowledged; otherwise the application is terminated. Do you know other/better solutions? Remark: I am developing both the application part and the DLL part. Thanks. antoine
-
Hi, Does somebody know a secure solution to ensure that the DLL an application is talking to hasn't been replaced with a fake one? I am thinking about implementing a "handshaking" procedure. With this method, the application sends a "challenge" random message to the DLL. The DLL responds with a value calculated using a one-way hash function. The application checks the response against its own calculation of the expected hash value. If the values match, the authentication is acknowledged; otherwise the application is terminated. Do you know other/better solutions? Remark: I am developing both the application part and the DLL part. Thanks. antoine
antoine_boillier wrote: The DLL responds with a value calculated using a one-way hash function. The application checks the response against its own calculation of the expected hash value. the cracker finds this one-way hash function in the DLL and implements it in his own DLL. it's a tough problem. -c
Be very, very careful what you put into that head, because you will never, ever get it out. --Thomas Cardinal Wolsey
-
Hi, Does somebody know a secure solution to ensure that the DLL an application is talking to hasn't been replaced with a fake one? I am thinking about implementing a "handshaking" procedure. With this method, the application sends a "challenge" random message to the DLL. The DLL responds with a value calculated using a one-way hash function. The application checks the response against its own calculation of the expected hash value. If the values match, the authentication is acknowledged; otherwise the application is terminated. Do you know other/better solutions? Remark: I am developing both the application part and the DLL part. Thanks. antoine