I have been working with encryption. And it seems to me that the IV and Key
are the only things you need to decrypt my data.
I can obfuscate, but my program still needs to 'call' the framework objects
in System.Security.Cryptography. And this call can be searched for. Then
using a program like SoftIce or Heapwalker they can examine the object and
its properties (namely the IV and Key). Having that they can break my
encryption.
Am I missing something?
Even if I slice and dice the key and store it all over the place, it needs
to be assembled before the framework call, right?
Thanks,
Bob