Techniques for obscuring sensitive strings in C++

Question

I need to store sensitive information (a symmetric encryption key that I want to keep private) in my C++ application. The simple approach is to do this:

std::         


        

Answer 1

As was said before, there's no way to totally protect your string. But there are ways to protect it wis a reasonable safety.

When I had to do this, I did put some innocent looking string into the code (a copyright notice, for example, or some faked user prompt or anything else that won't be changed by someone fixing unrelated code), encrypted that using itself as a key, hashed that (adding some salt), and used the result as a key to encrypt what I actually wanted to encrypt.

Of course this could be hacked, but it does take a determined hacker to do so.