Tech Off Post

Single Post Permalink

View Thread: Secrets
  • User profile image

    For casual, I may do one of below:

    1) Use DPAPI and add secondary entropy from a string inside your app.  Decide if you can use User level DPAPI security or have to settle for Machine.  If using machine, it may be no better then hiding password in some hash.


    2) Use some long random string in your app as the raw AES key.  Hash it (once or more times) and take the number of bytes you need for the AES key.  Encrypt and Decrypt your data using AES and your key.  This will stop most but people who can open your app in reflector and read your code to figure out how your hashing and making your password.  Could also use some Obfuscator on your app to raise the bar more.