Rijndael托管密钥生成
我需要加密数据并将其存储在文件中,然后才能将其解密。 为此,我使用 RijndaelManaged 类。现在我不想将密钥硬编码在代码中。经过一番谷歌搜索后,我发现 this 方法 -
这里生成密钥,但随后所有其他值(例如密码、盐和 IV)都被硬编码。我无法选择让用户输入密码,因此我还必须对这些值进行硬编码。那么这真的安全吗?难道黑客就不能使用工具来找到这些硬编码值并找出密钥吗?
I need to encrypt data and store it in a file and later be able to decrypt it back.
For this I am using RijndaelManaged class. Now I do not want to keep the key hardcoded in the code. After some googling I found this method -
Here the key is generated but then all other values like passphrase, salt and IV are hardcoded. I do not have the option of letting the user enter the password, so I will also have to hard-code these values. So is this really safe? Can't some hacker use tools to find these hardcoded values and figure out the key?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
您无法在应用程序中存储硬编码的机密。时期。如果奖品值得,就能找到秘密。
可行的解决方案是:
ProtectedData< 使用 DPAPI /code>
类。
You cannot store secrets hard coded in an application. Period. If the prize is worth it, the secret can be found.
Viable solutions are:
ProtectedData
classes.我不明白。您说您无法选择让用户输入密码,那么您的设想是什么。如果你的电脑很神奇并且你可以描述你想要什么,那么你想要什么?
I don't understand. You say you don't have the option for haveing a user enter the password so what are you envisioning. If your computer was magic and you could describe what you want, what is it you want?