Is there a way to save a static password in a way that it's really hard to find in the compiled app?
There are two different apps I need that for. One is a lightweight FTP client for Windows that only connects to one hard-coded server. The other is an Objective-C game that lets users create level packs and use passwords to save them. They can be played without a password, but not opened in the level editor. I'm encrypting the passwords with AES, but I have to somehow save the password for decryption.
The only idea I've found so far is saving the password not as one string, but as multiple strings. This could work really well for the game because I could just connect strings that are already there. Or I could save it as a long string and use a secret algorithm to get the password out of that string - although that begs the question: can C apps on Windows or Cocoa apps on OS X simply be decompiled to find that algorithm?
Are there more secure ways to do that?
> can C apps on Windows or Cocoa apps on OS X simply be decompiled to find that algorithm?
Yes, everything made by a human can be broken by another human. Never use reversible algorithms for storing sensitive data - they will be reverse-engineered. You can store hashes, as sidran32 wrote, but it doesn't help you with client
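For the level-pack case, the advice above to store a hash rather than a reversibly encrypted password can look like the following. This is an added example, not code from the original posts; the record format, the function names and the iteration count are assumptions.

```python
import base64
import hashlib
import hmac
import os

SCHEME = "pbkdf2-sha256"   # assumed label for the record format
ITERATIONS = 600_000       # assumed work factor; tune for the target hardware


def make_record(password: str, iterations: int = ITERATIONS) -> str:
    """Return the string to store in the level pack instead of the password."""
    salt = os.urandom(16)  # fresh random salt for every level pack
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "$".join([
        SCHEME,
        str(iterations),
        base64.b64encode(salt).decode("ascii"),
        base64.b64encode(digest).decode("ascii"),
    ])


def verify(password: str, record: str) -> bool:
    """True only if the password matches; malformed records never match."""
    try:
        scheme, iters, salt_b64, digest_b64 = record.split("$")
        iterations = int(iters)
        salt = base64.b64decode(salt_b64, validate=True)
        expected = base64.b64decode(digest_b64, validate=True)
    except ValueError:  # wrong field count, bad integer or bad base64
        return False
    if scheme != SCHEME or not 1 <= iterations <= 10_000_000:
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    # Constant-time comparison so timing does not reveal how many bytes matched
    return hmac.compare_digest(candidate, expected)


if __name__ == "__main__":
    record = make_record("constructed-sample-password")  # constructed sample input
    print(record)
    print(verify("constructed-sample-password", record), verify("guess", record))
```

The record can sit in the level pack in plain sight, because nothing in the binary or the file decrypts back to the password. It does not cover the FTP client, where the program itself has to present the credential to the server.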