T
Tim Mackey
hi,
i am using 3des encryption with a secret key to send information between 2 aspnet applications. they both know the key, which is a hard-coded string. i have read about using aspnet-setreg to securely store such a value in the registry, but i have a different query.
if i open the dll in notepad, i can read the secret key, which obviously is no good. i tried changing the code to use a number as the secret key, calling .ToString() on the number. I then recompile and open up the dll in notepad and i can't find the number, which seems better. i don't know a thing about disassembling .net executables, so i'd like to know if the key is safe, hard-coded in the dll, in numeric form?
granted a numeric key has less combinations than a string version, but adding more digits will go some of the way to help that.
thanks for any help
tim mackey.
i am using 3des encryption with a secret key to send information between 2 aspnet applications. they both know the key, which is a hard-coded string. i have read about using aspnet-setreg to securely store such a value in the registry, but i have a different query.
if i open the dll in notepad, i can read the secret key, which obviously is no good. i tried changing the code to use a number as the secret key, calling .ToString() on the number. I then recompile and open up the dll in notepad and i can't find the number, which seems better. i don't know a thing about disassembling .net executables, so i'd like to know if the key is safe, hard-coded in the dll, in numeric form?
granted a numeric key has less combinations than a string version, but adding more digits will go some of the way to help that.
thanks for any help
tim mackey.