Home/ Questions/Q 6534703
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-25T10:16:59+00:00

In my C application I have a decryption key that is used to decrypt

  • 0

In my C application I have a decryption key that is used to decrypt sets in the database (username / password). Currently, I simply declared it with

char * key = "$$$secretSampleDecryptionKey$$$";

Shortly after that line, I prepare the SQL statement and then select from the DB. My question is, if someone was to debug my compiled application or dissassemble it, will they actually see the key? What can I do to hide it from them?

EDIT:

As Mark and Aaron pointed out, I can simply use the Linux / Unix strings command

strings nameOfApplication

to print out all the strings in my application, including the “secret” key.

EDIT 2:

The app runs on my server and the database stores sensitive customer data that is encrypted. I thought I was playing it safe by not having the key in a text file for everyone to read but compile it instead.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    An interesting link relating the story of someone retrieving a password from a binary :

    Deconstructing an ELF File

    This is a step-by-step description of what someone could try to discover a password. It will give you some idea of what “not to do”. The use of the command strings is the first item in the list for example.

    If you want to hide your secret string from strings, you can store it in as a char array not terminated with \0 character. strings should not pick it up.

    There is also a nice trick mentioned (which is bypassed) to avoid someone to use a strace/ltrace on your binary.

    Ultimately by disassembling the code, the “hacker” manage to retrieve the password, which as other have pointed out is difficult to protect against. Basically you can’t really hide anything in a binary…

    • 0