|
|
|
|
|
|
by GauntletWizard
1874 days ago
|
|
|
There's two objections that remain: It's impossible to rotate the key without recompiling the binary (and every recompile is an opportunity to add bugs, though a good compile environment minimizes it), and that it's easy to mess up the encryption - Are you using a PKCS12 file format with DES? That's trivially crackable (to the point that most modern libraries recommend using a builtin password). And even if you've got the encryption part right, you're left with the password distribution problem, which is exactly the same problem; You've got a small (12 characters or 4k, not a lot by modern standards) bit of sensitive data that needs to be distributed to the app at startup. |
|
|