在C / C ++程序中读取加密文件时保留密码
[英]keep the password while reading encrypted file in C/C++ program
问题描述
I need to open and read an encrypted file in a C++ program. 
我需要在C ++程序中打开和读取加密的文件。 Do I need to keep the password in the program? 我需要在程序中保留密码吗? Are the user able to get the password when the program is disassembled? 程序反汇编时,用户能否获得密码?
What's the best way to keep the user away from the password? 使用户远离密码的最佳方法是什么?
2 个解决方案
解决方案1
1 已采纳 2014-03-03 11:58:23
If you just put the password hard coded then, yes. 如果您只是对密码进行硬编码,那么可以。 With some dissassembly it is easy to get the password (you don't even need to dissassemble fully, only get the strings). 通过一些反汇编,很容易获得密码(您甚至不需要完全反汇编,只需获取字符串)。 You can try to obfuscate the password somehow, such as computing a hash of something that creates the password (this is very simplistic). 您可以尝试以某种方式混淆密码,例如计算创建密码的哈希值(这非常简单)。 In the end if you give someone an encrypted file and a program that opens that file you can't really hide that information from them. 最后,如果您给某人一个加密的文件和一个打开该文件的程序,则您实际上无法向他们隐藏这些信息。
解决方案2
0 2014-03-03 12:43:53
Another simplistic solution (provides very basic security only - may be succeptible to hacker attack ) 另一个简单的解决方案(仅提供非常基本的安全性-可能会受到黑客的攻击)
- Create your password file in a directory on which users have no permission. 在没有用户权限的目录中创建密码文件。
- Provide users only execute permissions to the executable but use setuid so that they can run the executable as you. 仅向用户提供对可执行文件的执行权限,但使用setuid以便他们可以像您一样运行可执行文件。
- In the exe read the password from the file kept in a directory that only you have permission to. 在exe中,从仅拥有您权限的目录中读取文件中的密码。 (created in step 1). (在步骤1中创建)。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.