I need to encrypt data and store it in a file and later be able to decrypt it back. For this I am using the RijndaelManaged class. Now I do not want to keep the key hardcoded in the code. After some googling I found this method -

Here the key is generated but then all other values like passphrase, salt and IV are hardcoded. I do not have the option of letting the user enter the password, so I will also have to hard-code these values. So is this really safe? Can't some hacker use tools to find these hardcoded values and figure out the key?

+1  A: 

I don't understand. You say you don't have the option of having a user enter the password, so what are you envisioning? If your computer was magic and you could describe what you want, what is it you want?

Jonathan Kaufman
+5  A: 

You cannot store secrets hard coded in an application. Period. If the prize is worth it, the secret can be found.

Viable solutions are:

  • Use DPAPI through ProtectedData classes.
  • Ask the user for a password.
  • Use hardware modules (like a user badge).
Remus Rusanu
Thanks. DPAPI - that's what I was looking for.
Happy Go Lucky
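
The DPAPI option from the answer above, as an added example that is not code from any of the original posts: it writes an encrypted file and reads it back with no key, passphrase, salt or IV in the program. The class name `DpapiFileStore`, the file name and the sample string are hypothetical; it assumes Windows and a reference to System.Security (the System.Security.Cryptography.ProtectedData package on newer .NET).

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;

static class DpapiFileStore // hypothetical name, for illustration only
{
    // Encrypt with a key Windows derives from the logged-on user's credentials.
    public static void Save(string path, string plaintext)
    {
        byte[] data = Encoding.UTF8.GetBytes(plaintext);
        try
        {
            // CurrentUser: only this Windows account can unprotect the blob.
            // LocalMachine would let any account on the same machine decrypt it.
            byte[] blob = ProtectedData.Protect(data, null, DataProtectionScope.CurrentUser);
            File.WriteAllBytes(path, blob);
        }
        finally { Array.Clear(data, 0, data.Length); } // do not leave plaintext in memory
    }

    // Throws CryptographicException if the blob was modified or was
    // protected under a different account.
    public static string Load(string path)
    {
        byte[] data = ProtectedData.Unprotect(File.ReadAllBytes(path), null,
                                              DataProtectionScope.CurrentUser);
        try { return Encoding.UTF8.GetString(data); }
        finally { Array.Clear(data, 0, data.Length); }
    }

    static void Main()
    {
        string path = Path.Combine(Path.GetTempPath(), "dpapi-example.bin"); // constructed path
        Save(path, "constructed sample secret");
        Console.WriteLine(Load(path));

        // DPAPI blobs are integrity-protected: flipping one byte makes Unprotect fail.
        byte[] blob = File.ReadAllBytes(path);
        blob[blob.Length - 1] ^= 0x01;
        File.WriteAllBytes(path, blob);
        try { Load(path); }
        catch (CryptographicException) { Console.WriteLine("tampered blob rejected"); }
        finally { File.Delete(path); }
    }
}
```

The second argument to `Protect` and `Unprotect` is optional entropy; a value hard-coded there is not a secret, for the reason the answer gives. Code running as the same Windows user can still call `Unprotect`, so the protection is against other accounts and offline copies of the file.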