Re: embedding passwords/other sensitive strings into a C++ program

From: David Lindauer (camille_at_bluegrass.net)
Date: 11/17/04 

Date: Tue, 16 Nov 2004 23:39:05 GMT

"J.Steiner" wrote:

> Just curious if anyone has any thoughts about what best practice would
> be for something like this...
>
> We want to write a program that will send the user (via email) a
> password when they click a button. Also, it will send the email to a
> support team who will log that the password has been requested so they
> can then change the password (and recompile the program). Seems
> simple enough.
>
> The problems I can think of are:
>
> 1. how do you encrypt this password from casual viewing (executing
> unix commnand: strings <exe name>) for example. I suggested using the
> ascii code to print the string. seems simple enough.
>
> 2. how do you encrypt this password from more aggressive viewing, ie
> someone looking at the source code, pulling the project files out of
> the repository (we use cvs, for example). My thought was to either
> put the password as a build option on the compiler (which would
> necessitate adding an option before each compile), or to put the whole
> project into cvs as a zip file with the password on it, assuming that
> the support staff will know that password.

one solution is to write a utility that generates a 'scrambled' password;
optionally it can embed the byte codes into the program so it will be
accessible on the next compile (or even modify the EXE version of the file
and obviate a compile). Your program then unscrambles it prior to
emailing it. This is harder to break, although obviously anyone who has
unlimited access to your source code (and many others who don't) and who
has time on their hands will break this scheme too.

David

Relevant Pages

  • Re: C++/TCL Need Solution to Compile Error c2784
    ... There's always the "Platform SDK" from MSDN if you need the window.h stuff, ... Since I'm using the Command Prompt rather than the GUI to compile the ... I then tried to compile your source code and I kept getting the same ...
    (comp.lang.tcl)
  • Re: Debugging Newbie Question
    ... The CLR does not understand this source code and so before it ... ASP.NET, however, ASP.NET will compile your page's source code and cache ... the debugger will have IL and x86 created from ... in release mode assemblies. ...
    (microsoft.public.dotnet.faqs)
  • Re: Debugging Newbie Question
    ... The CLR does not understand this source code and so before it ... ASP.NET will compile your page's source code and cache the result ... > does this so that a debugger can attach to the code and allow you to step ... > release mode assemblies. ...
    (microsoft.public.dotnet.faqs)
  • The curse of constant fields
    ... feature in the Java language, and decided to write up about it. ... in a class, compile the changed class, and run the code manually to ... A quick search through the source code shows that there is no other ... This is true even if the usage itself is not ...
    (comp.lang.java.programmer)
  • Re: creaping coupling......
    ... In C++ it would be trivial to break that source code dependency, ... When you compile a .java module, ... In Java and C# it's asserted at compile time. ...
    (comp.object)