Is it safe to store sensitive data in a C++ compiled binary?

Question

It's well known that dlls produced by .NET can be easily decompiled. This means that sensitive information (e.g. encryption keys) should not be stored in .NET binaries.

Would it be a sensible alternative to store sensitive data in (for example) C++ binaries which could be consumed by my .NET code? I don't yet know anything about interop stuff, but am curious about whether this could be an avenue worth pursuing. I guess to clarify, my questions are:

1. Could a binary produced in C++ (or C) be readily decompiled to access sensitive string data?
2. Is this a totally harebrained idea, either because it wouldn't work, would be very difficult to accomplish, or because a far better alternative exists which I haven't encountered yet?

Answer 1

The answer is no. Whilst its true a .NET dll can be trivially decompiled to its original structure, and a C/C++ dll can only be decompiled to a monster mess that a compiler would love, the data that's stored in there will be placed in a big, un-mangled, bucket so anyone who knew which part to look at (and, ok, all that data is crammed up close to each other so it becomes difficult to know which bit is which) but the data will be there for all to see.

Google for data segment which is where the static data in a native windows binary gets placed.

quick edit: of course, you can store encrypted information in your C++ binary, pre-encrypt it but you will have to use something else to store the decrypt key (eg your windows user password or similar). .NET allows you to store sensitive information in a config file and will easily encrypt it on first-run or install, this encrypts and decrypts it based on the user account details the app runs under (so don't change it, and keep a copy of the un-encrypted config file somewhere :-) )