This is an interesting one.
Valery Pryamikov writes in his blogg that strong names do not provide high level of security.
I dont agree with him, what do you think?
I would argue, that strong names combined with other techniques do provide strong security. As such, strong names (private/public key)are one of the building blocks of the security design in .net.
You have the StrongNameIdentityPermission class, which requires the caller to provide a specific public key to access an external module. generate a public/private key that you use to sign all of your components and controls.Someone who wants to use the component or control, presents the public key as evidence that they’re granted access. Once CLR determines the public key is valid, the caller accesses the code as usual.
Extending this method of thinking, you could include 2 sets of security checks. First, u look for the public key assigned to the application. This check overcomes the problem of someone using another key to sign your application. Second, u look at the hash value of the program. Even if someone should decide to replace your public key value with the new ones for their key, replicating the hash value is extremely hard. In addition, you can even use the SHA-512 hash algorithm (require a 64 bit prosessor)
This two-phase check increases the security of your program at a very modest cost in startup time.
It doesn’t cost any performance once the program is running, nor does it cause the program to use any more resources.However, it’s possible that a cracker could overcome both checks. All the cracker would need to do is add a new public key and create a new
hash value for the registry.But the cracker need access to the code. If u protect it with Dotfuscator or some other tools, your code will have a damn good security design.