What I don't get about encryption? Searching memory to find my Key

I have been working with encryption. And it seems to me that the IV and Key
are the only things you need to decrypt my data.

I can obfuscate, but my program still needs to 'call' the framework objects
in System.Security.Cryptography. And this call can be searched for. Then
using a program like SoftIce or Heapwalker they can examine the object and
its properties (namely the IV and Key). Having that they can break my
encryption.

Am I missing something?

Even if I slice and dice the key and store it all over the place, it needs
to be assembled before the framework call, right?

Thanks,

Bob

Nov 22 '05 #1
B Maxey <Ca******@noemail.nospam> wrote:
> I have been working with encryption. And it seems to me that the IV and Key
> are the only things you need to decrypt my data.
>
> I can obfuscate, but my program still needs to 'call' the framework objects
> in System.Security.Cryptography. And this call can be searched for. Then
> using a program like SoftIce or Heapwalker they can examine the object and
> its properties (namely the IV and Key). Having that they can break my
> encryption.
>
> Am I missing something?
>
> Even if I slice and dice the key and store it all over the place, it needs
> to be assembled before the framework call, right?


Yes. This is a fundamental fact about encryption which has nothing to
do with the implementation: if your code doesn't take any extra input
from a source which can't be "snooped on", it can't possibly be
absolutely secure.

--
Jon Skeet - <sk***@pobox.com>
http://www.pobox.com/~skeet
If replying to the group, please do not mail me too
Nov 22 '05 #2
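
The "extra input" point from the reply above, as an added C# example that is not code from the thread: the key is derived from a passphrase supplied at run time instead of being stored or reassembled from pieces inside the program. It assumes .NET 8; `PassphraseBox`, the blob layout and the parameter values are illustrative.

```csharp
using System;
using System.Security.Cryptography;
// Added example. Assumes .NET 8; type name, blob layout and parameters are illustrative.
static class PassphraseBox
{
    const int SaltLen = 16, NonceLen = 12, TagLen = 16, KeyLen = 32, Iterations = 600_000;
    // The key comes from input supplied at run time, so no key material ships in the binary.
    static byte[] DeriveKey(string passphrase, byte[] salt) =>
        Rfc2898DeriveBytes.Pbkdf2(passphrase, salt, Iterations, HashAlgorithmName.SHA256, KeyLen);

    // Blob layout: salt || nonce || tag || ciphertext (none of these are secret).
    public static byte[] Encrypt(string passphrase, byte[] plaintext)
    {
        byte[] salt = RandomNumberGenerator.GetBytes(SaltLen);
        byte[] nonce = RandomNumberGenerator.GetBytes(NonceLen);
        byte[] tag = new byte[TagLen];
        byte[] ct = new byte[plaintext.Length];
        byte[] key = DeriveKey(passphrase, salt);
        try
        {
            using var gcm = new AesGcm(key, TagLen);
            gcm.Encrypt(nonce, plaintext, ct, tag);
        }
        finally { CryptographicOperations.ZeroMemory(key); } // shorten the key's lifetime in memory
        byte[] blob = new byte[SaltLen + NonceLen + TagLen + ct.Length];
        salt.CopyTo(blob, 0);
        nonce.CopyTo(blob, SaltLen);
        tag.CopyTo(blob, SaltLen + NonceLen);
        ct.CopyTo(blob, SaltLen + NonceLen + TagLen);
        return blob;
    }

    public static byte[] Decrypt(string passphrase, byte[] blob)
    {
        byte[] salt = blob[..SaltLen];
        byte[] nonce = blob[SaltLen..(SaltLen + NonceLen)];
        byte[] tag = blob[(SaltLen + NonceLen)..(SaltLen + NonceLen + TagLen)];
        byte[] ct = blob[(SaltLen + NonceLen + TagLen)..];
        byte[] pt = new byte[ct.Length];
        byte[] key = DeriveKey(passphrase, salt);
        try
        {
            using var gcm = new AesGcm(key, TagLen);
            gcm.Decrypt(nonce, ct, tag, pt); // throws CryptographicException on a wrong passphrase
        }
        finally { CryptographicOperations.ZeroMemory(key); }
        return pt;
    }
}
```

The passphrase and the derived key still sit in process memory while a call runs, so this keeps the key out of the shipped program, not out of a machine that is being inspected at the moment of use.
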
Well thanks, not what I wanted to hear, but I needed to know.

"Jon Skeet [C# MVP]" wrote:
> B Maxey <Ca******@noemail.nospam> wrote:
> > I have been working with encryption. And it seems to me that the IV and Key
> > are the only things you need to decrypt my data.
> >
> > I can obfuscate, but my program still needs to 'call' the framework objects
> > in System.Security.Cryptography. And this call can be searched for. Then
> > using a program like SoftIce or Heapwalker they can examine the object and
> > its properties (namely the IV and Key). Having that they can break my
> > encryption.
> >
> > Am I missing something?
> >
> > Even if I slice and dice the key and store it all over the place, it needs
> > to be assembled before the framework call, right?
>
> Yes. This is a fundamental fact about encryption which has nothing to
> do with the implementation: if your code doesn't take any extra input
> from a source which can't be "snooped on", it can't possibly be
> absolutely secure.
>
> --
> Jon Skeet - <sk***@pobox.com>
> http://www.pobox.com/~skeet
> If replying to the group, please do not mail me too

Nov 22 '05 #3
