
Security Basics: Encryption Key Question

Encryption Key Question

From: David Heise <dheise_at_gmail.com>
Date: Fri, 25 Feb 2005 17:57:17 -0700

I have a situation which seems to be an endless loop but maybe someone
out here can help me. I'm using SHA-256 as my hash function and AES
as the encryption method. I have a byte array of data and a string
that is the passphrase (currently the string is 306 characters long).
I hash the passphrase and use it to encrypt the data. Since I'm
writing this as part of an application I want to hardcode the
passphrase into the application, however as a string it would be
fairly simple to find it in the compiled code.

Here's my question:
What is the best method of storing this passphrase internally in the
application such that it would be as secure as possible?

Unrelated Question:
Is there any security hole in using the data as the key? (other than
it makes it hard/impossible to get it back out)

Thanks

-- 
David B Heise [dheise_at_gmail.com]
http://students.cs.byu.edu/~dheise
Received on Mar 01 2005
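
The exposure described in the post, as an added example that is not part of the original message: a pre-release check that scans a build artifact for long printable runs, the way strings(1) does, and shows that any run it finds yields the AES key through the same SHA-256 step. The sample binary, the passphrase, the function names and the 32-character threshold are all constructed for illustration.

```python
import hashlib
import re

# Constructed sample data: a stand-in for a compiled binary with a
# 306-character passphrase stored as a plain string constant.
PASSPHRASE = ("correct horse battery staple " * 11)[:306]
FAKE_BINARY = (
    b"\x7fELF\x02\x01\x01\x00" + bytes(range(0, 32)) * 4
    + b"main\x00init\x00"
    + PASSPHRASE.encode("ascii") + b"\x00"
    + bytes(range(128, 256))
)


def printable_runs(blob, min_len=4):
    """Yield (offset, text) for each run of printable ASCII, like strings(1)."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    for match in re.finditer(pattern, blob):
        yield match.start(), match.group().decode("ascii")


def flag_embedded_secrets(blob, suspicious_len=32):
    """Return printable runs long enough to be a passphrase or key material.

    suspicious_len is an assumed threshold; tune it for the artifact audited.
    """
    return [(off, text) for off, text in printable_runs(blob)
            if len(text) >= suspicious_len]


def derive_key(passphrase):
    """The scheme from the post: SHA-256 of the passphrase used as the AES key."""
    return hashlib.sha256(passphrase.encode("ascii")).digest()


def audit(blob):
    """Report each flagged run with the 256-bit key it would produce."""
    return [
        {"offset": off, "length": len(text), "key_hex": derive_key(text).hex()}
        for off, text in flag_embedded_secrets(blob)
    ]


if __name__ == "__main__":
    for finding in audit(FAKE_BINARY):
        print(finding)
```

Symbol names such as `main` and `init` fall below the threshold and are not reported; the passphrase is the only finding, and its derived key matches the one the application would use.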