473,396 Members | 1,789 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

home > topics > .net framework > questions > what i don't get about encryption? searching memory to find my key

Join Bytes to post your question to a community of 473,396 software developers and data experts.

What I don't get about encryption? Searching memory to find my Key

I have been working with encryption. And it seems to me that the IV and Key
are the only things you need to decrypt my data.

I can obfuscate, but my program still needs to 'call' the framework objects
in System.Security.Cryptography. And this call can be searched for. Then
using a program like SoftIce or Heapwalker they can examine the object and
its properties (namely the IV and Key). Having that they can break my
encryption.

Am I missing something?

Even if I slice and dice the key and store it all over the place, it needs
to be assembled before the framework call, right?

Thanks,

Bob

Nov 22 '05 #1
2 1223
B Maxey <Ca******@noemail.nospam> wrote:
I have been working with encryption. And it seems to me that the IV and Key
are the only things you need to decrypt my data.

I can obfuscate, but my program still needs to 'call' the framework objects
in System.Security.Cryptography. And this call can be searched for. Then
using a program like SoftIce or Heapwalker they can examine the object and
its properties (namely the IV and Key). Having that they can break my
encryption.

Am I missing something?

Even if I slice and dice the key and store it all over the place, it needs
to be assembled before the framework call, right?


Yes. This is a fundamental fact about encryption which has nothing to
do with the implementation: if your code doesn't take any extra input
from a source which can't be "snooped on", it can't possibly be
absolutely secure.

--
Jon Skeet - <sk***@pobox.com>
http://www.pobox.com/~skeet
If replying to the group, please do not mail me too
Nov 22 '05 #2
Well thanks, not what I wanted to hear, but I needed to know.

"Jon Skeet [C# MVP]" wrote:
B Maxey <Ca******@noemail.nospam> wrote:
I have been working with encryption. And it seems to me that the IV and Key
are the only things you need to decrypt my data.

I can obfuscate, but my program still needs to 'call' the framework objects
in System.Security.Cryptography. And this call can be searched for. Then
using a program like SoftIce or Heapwalker they can examine the object and
its properties (namely the IV and Key). Having that they can break my
encryption.

Am I missing something?

Even if I slice and dice the key and store it all over the place, it needs
to be assembled before the framework call, right?


Yes. This is a fundamental fact about encryption which has nothing to
do with the implementation: if your code doesn't take any extra input
from a source which can't be "snooped on", it can't possibly be
absolutely secure.

--
Jon Skeet - <sk***@pobox.com>
http://www.pobox.com/~skeet
If replying to the group, please do not mail me too

Nov 22 '05 #3
New Post

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

92
rotor replacement
by: Reed L. O'Brien | last post by:
I see rotor was removed for 2.4 and the docs say use an AES module provided separately... Is there a standard module that works alike or an AES module that works alike but with better encryption?...
Python
7
What is the easiest way to query a remote XML file on someone elses Linux box using secure communication?
by: Dan V. | last post by:
Situation: I have to connect with my Windows 2000 server using VS.NET 2003 and C# and connect to a remote Linux server at another company's office and query their XML file. Their file may be...
.NET Framework
2
What I don't get about encryption? Searching memory to find my Key
by: B Maxey | last post by:
I have been working with encryption. And it seems to me that the IV and Key are the only things you need to decrypt my data. I can obfuscate, but my program still needs to 'call' the framework...
.NET Framework
121
What IDE are you using?
by: typingcat | last post by:
First of all, I'm an Asian and I need to input Japanese, Korean and so on. I've tried many PHP IDEs today, but almost non of them supported Unicode (UTF-8) file. I've found that the only Unicode...
PHP
2
Null pointers in C---spec (N869) trouble, was What computer language is used a lot in the IT industry?
by: Thomas G. Marshall | last post by:
Arthur J. O'Dwyer <ajo@nospam.andrew.cmu.edu> coughed up the following: > On Thu, 1 Jul 2004, Thomas G. Marshall wrote: >> >> Aside: I've looked repeatedly in google and for some reason cannot >>...
C / C++
7
Watching memory use. What tools can I use
by: Claire | last post by:
Im sat here watching task manager and the memory consumption of my application rising second by second. What tools are there out there for me to use to find where it's all going please? (I wish...
C# / C Sharp
7
Any suggestions for what encryption method to use for sensitive database values?
by: Alan Silver | last post by:
Hello, I am writing a page where sensitive data is collected (over SSL) and stored in a database. I have been looking at the .NET encryption classes, but am a bit confused as to which is best...
ASP.NET
2
The Irish fada (áéíóú/ÁÉÍÓÚ) and encryption/decryption problem!
by: almurph | last post by:
Hi everyone, Can you help me please? I am having a problem with the encryption/decryption of words with the Irish fada in them. The Irish fada is like this: áéíóú/ÁÉÍÓÚ. It's kind of like the...
Visual Basic .NET
7
Symmetric encryption keys
by: Mark Rae | last post by:
Hi, Picking your collective brains again, this time regarding the storage of the key used in symmetric encryption. Let's say you have a requirement to add encryption to a C# project, so you...
C# / C Sharp
10
What should I Use ?
by: timor.super | last post by:
Hi all, Imagine I've an array of int : int anArray = new int; I want to extract all the integer that are superior to 500 I can do :
C# / C Sharp
0
Merging data from multiple Excel files
by: ryjfgjl | last post by:
In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...
Data Management
0
Migrating Website to Cloud - Emmanuel Katto
by: emmanuelkatto | last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud. Please let me know. Thanks! Emmanuel
General
0
BarryA
Navigating the Data Structures and Algorithms (DSA)
by: BarryA | last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
Algorithms / Advanced Math
1
Is that possible of reading the .csv file in column wise and the column have different lengths ?
by: Sonnysonu | last post by:
This is the data of csv file 1 2 3 1 2 3 1 2 3 1 2 3 2 3 2 3 3 the lengths should be different i have to store the data by column-wise with in the specific length. suppose the i have to...
C / C++
0
How to build RAID in BIOS?
by: Hystou | last post by:
There are some requirements for setting up RAID: 1. The motherboard and BIOS support RAID configuration. 2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
Computer Hardware
0
Oralloy
Problem With Comparison Operator <=> in G++
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers,...
C / C++
0
jinu1996
Maximizing Business Potential: The Nexus of Website Design and Digital Marketing
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
Online Marketing
0
The easy way to turn off automatic updates for Windows 10/11
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
Windows Server
0
agi2029
AI Job Threat for Devs
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing,...
Career Advice

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes:
Post a Job
Sponsored Posts
Platinum & Gold Sponsors
Hire Now!