Concealing a Fixed Password
November 24, 2011 2:25 PM Subscribe
A software application needs to supply a fixed password to an outside hardware device that it talks to. How can that password be concealed from hackers who take apart the software or the computer it's running on?
posted by Paquda to Computers & Internet (17 answers total)
How would you achieve a situation where the application "knows" its password and is able to supply it, but the password never shows up as a string in the source code, or in a config file, or in memory.
The application needs to run in an automated way, so prompting a user to supply it is not an option.
Encrypting the password just seems to push the problem down the line: the encryption key then needs to be stored somewhere.