Menu
Is this encryption class sufficiently secure? Or can someone disassemble my binary to find the key and IV? I'm using it to decrpyt license files so it's quite important that it can't be easily broken.
internal static class Encryptor
{
// Actual values are put here in my source
private static readonly byte[] Key = { 0, 0, 0, 0, 0, 0, 0, 0 };
private static readonly byte[] Iv = { 0, 0, 0, 0, 0, 0, 0, 0 };
internal static String Encrypt(string source)
{
var des = new DESCryptoServiceProvider();
var enc = des.CreateEncryptor(Key, Iv);
var b = Encoding.ASCII.GetBytes(source);
var encId = enc.TransformFinalBlock(b, 0, b.Length);
return Convert.ToBase64String(encId);
}
internal static string Decrypt(string encrypted)
{
var des = new DESCryptoServiceProvider();
var dec = des.CreateDecryptor(Key, Iv);
var b = Convert.FromBase64String(encrypted);
var decId = dec.TransformFinalBlock(b, 0, b.Length);
return Encoding.ASCII.GetString(decId);
}
}
This is similar to this question and this one, but neither seem to have a clear answer (as far as I can understand - and I admit to being a complete beginner on this topic). Please advise. :)
432
Though encryption isn't an effective method for protecting your entire source code, you can use encryption as part of the obfuscation process without slowing the program.
The encryption key is created and stored on the key management server. The key manager creates the encryption key through the use of a cryptographically secure random bit generator and stores the key, along with all it's attributes, into the key storage database.
Yes, this is easily broken. Any developer with knowledge of tools such as Reflector (or ILSpy, or dotPeek, or ...), will have no trouble identifying the encryption function and finding your key. Someone who has the assembly will even be able to call Decrypt directly, not bothering with extracting the key.
Is it sufficiently secure ? It depends, only you can answer that. If this is for licensing, it is the equivalent of putting a sticker on a box saying "Don't copy my software". On the other hand, making a robust licensing scheme that is hard to break for an experienced and determined attacker, is a large undertaking, and you might want to consider if it is worth the effort. Personally, I would invest my time in making the software so awesome, that people will want to pay for it, rather than stopping a small number of bad guys from using it unlicensed.
149
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
