Securing symmetric key

Question

In my project (windows desktop application) I use symmetric key in order to encrypt/decrypt some configurations that need to be protected. The key is hardcoded in my code (C++).

1. What are the risks that my key will be exposed by reverse engineering ? (the customers will receive the compiled DLL only)
2. Is there a way for better security for managing the key?
3. Are there open source or commercial products which I can use

Answer 1

Windows provides a key storage mechanism as part of the Crypto API. This would only be useful for you if you have your code generate a unique random key for each user. If you are using a single key for installations for all users, it will obviously have to be in your code (or be derived from constants that are in your code), and thus couldn't really be secure.