如何在代码中隐藏密钥? [英] How do you hide secret keys in code?
问题描述
一段时间以来,我一直想知道某些软件如何以一种无法轻易发现的方式隐藏密钥.举几个例子:
I've wondered for some time how some software hides secret keys in such a way that they can't be trivially discovered. Just a few examples:
- DVD 播放器软件隐藏 CSS 键
- 带有序列号/注册码的软件会隐藏用于验证序列号的密钥/哈希
显然,这些程序所做的不仅仅是将密钥保存在字节 [] 中,因为这样可以轻松窃取他们的密钥并生成您自己的序列号等.
Obviously, these programs do something more than just have the key in a byte[], as that would make it easy to steal their keys and generate your own serial numbers, etc.
使用什么样的策略来隐藏这些密钥以使其不易被发现?
What sorts of strategies are used to hide these keys so that they can't be found easily?
推荐答案
这些密钥如此容易被发现的原因是因为它们隐藏在软件中.
The reasons those secret keys were so easily discovered is because they were hidden in software.
不惜一切代价避免在软件中隐藏秘密 - 混淆只会让你走到这一步.问问自己这个问题:对于完全访问反汇编、用户模式和内核模式调试器,并且没有日常工作的人,我能在多大程度上隐藏软件中的密钥?破解只是时间问题.
Avoid hiding secrets in software at all cost - obfuscation will only get you so far. Ask yourself this: How well can I hide a key in software from someone with full access to the disassembly, user mode and kernel mode debuggers, and no day job? It's only a matter of time before it gets cracked.
这篇关于如何在代码中隐藏密钥?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
