Sid Sacek wrote:
Does boost have any compile-time classes for string encryption? Is it even possible?
When a hacker dumps an executable, they can see all of the strings the program might use, and some of those strings may contain sensitive information. Does boost have any classes that can encode the strings at compile-time? Ideally, the third string in the code below would never compile the "secret" string into the final binary.
Hi Sid, I suggest that, like CAPTCHAs, this is something where it's better if everyone invents their own. If we all used the same string-obfuscation method, the crackers would only need to crack it once. The one time I did this I think it was something like this: #define C(x) x^0x42 const char secret[] = {C('s'), C('e'), C('c'), C('r'), C('e'), C('t')}; Maybe variadic templates would let you write that as obfus_string<'s','e','c','r','e','t'> - but watch out for that putting a less-obfuscated version in the symbol table. If you have more strings I would use some sort of external script to do the munging for you. (Not writing iPhone apps are you? Many apps now check if they are legitimate copies with something like: if (some_api_fn()=="signed_by_apple") - the cracker only needs to corrupt that string in the app to defeat the check.) Phil.