>Hi all,
>
>First off, sorry for being gone for so long - my largest client asked me to sub in for their IT department for the last 6 months as they "lost" 3 of their guys. So no coding for me since late fall. But I do have a question...
>
>I am using a utility in Rick Strahl's classes to encrypt data strings. Works fine. The utility eventually calls .Net encryption routines.
>
>My question is: what would a person need for tools to be able to get the key for the encryption? My key is made up of a long "base" and then for each record in a table, it is unique. Of course, this key gets assembled right before each call into one string.
>
>Is there a way to capture this key even if it is in memory as a var just long enough to call the encryption/decryption routine? If so, what tool would do that? And does the hacker need my source code in order to step through the code to stop on the line that assembles the key? Or can someone just capture every line as it executes and look at the results with some low level debugger?
>
>Sorry, I just don't do this kind of low level work to know the answer.


This is way outside my wheelhouse, too, but one thing I did when I needed to hide a key in code was never assemble into a single variable. I passed an expression into the encryption routine that was built on the fly.

Tamar