Oh, I see. I didn't know that. Thanks for the explanation. I guess I'll just encrypt the filesystem then as you suggested.
On Friday, January 9, 2015 at 4:29:17 AM UTC, Jens Alfke wrote: > > > On Jan 8, 2015, at 7:46 PM, Jsparrow <[email protected] <javascript:>> > wrote: > > If I create a C# windows application and hardcode the decryption key in a > string variable (so that my app can access the contents of the db) and > compile the application into an .exe file, can someone really find out the > key just by using the .exe file? > > > Sure. It's not even stored in the code; it's in a different section of the > binary where constant data goes. (I've never coded for Windows so I don't > know the format of their binaries, but all executable formats work this > way.) Finding an AES encryption key would be harder than finding, say, a > password, because a raw key is just 32 random bytes with no detectable > pattern, but you can still decompile or step through the code as the app > runs, for example looking for OS calls that do decryption and checking what > parameters are passed to them. > > This kind of thing happens all the time. It's how people break DRM, crack > copy-protected software, create cheats for online games, jailbreak phones. > There are people who are very good at this and see it as a challenge — > they'll crack stuff even if they don't personally care about it, just to > show off. > > If they can find the key like that, does that mean that all of my C# code > is available to them aswell? > > > I don't know as much about C#, but compiled Java code is easily > decompiled. The output looks almost exactly like the original source code > except that some names are lost (local variables, I think) and of course > there aren't any comments. > > I just want to encrypt the email credentials in case I ever lose the usb > drive. > > > Just encrypt the filesystem on the drive, if Windows supports that. > > —Jens > -- You received this message because you are subscribed to the Google Groups "Couchbase Mobile" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/mobile-couchbase/4fb1ba9b-c1e2-4386-82ea-8a2d33e80e1d%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
