Reddit reviews Secure Coding: Principles and Practices

We found 1 Reddit comments about Secure Coding: Principles and Practices. Here are the top ones, ranked by their Reddit score.


1 Reddit comment about Secure Coding: Principles and Practices:

u/SoCo_cpp · 2 points · r/ReverseEngineering

To make a long story short, at a quick glance I see:

He has created a hashing function by shuffling the character map used in a base64 encoding.

He proposes running a file containing a list of your literal strings through this command line app, which outputs a header file, like this, ready to include, containing the encoded strings and decryption key (base64 character map) defined as macros.

The generated macro defines take this format:

#define INTRO_STRING GetDecryptedString("UCcFEN/FEN/cMv19EmJpl4kpEm1NgYiGebj3")


Critique:

This looks to accomplish its task of providing obfuscation of literal strings. There could be a number of different ways to accomplish this with varying pros and cons. Other strategies may already exist, be easier, and have polished tools.

One pro of this approach is that the strings are not decrypted until used. That could also be a con since each string must be decrypted each time it is accessed.

Another possible con is that the key must be kept with the encoded hashes. Possibly the whole idea was to just withhold the key, but this would likely make the code uncompilable or function incorrectly, depending on how the strings are used and how handling is done without a key.

Securely encrypted strings seem to not be a requirement of this project. Since that is the case, the shuffling of the base64 seems a pointless step that merely forces possessors of the code to do more than just plop the string in an online base64 decoder. One could more easily just plop plain base64 in there and avoid the extra complication, or just escape the strings in an escaped hex representation, like this:

"\x32\xA9\xD9" (see MSDN C++ Character Constants)

Good enough security is all we can hope to obtain{1}, so if it accomplishes the security requirements needed, then it is a success.

Qualifications:

I have been programming C++ for nearly 20 years and working as a C/C++ Windows, Linux, and embedded device programmer for more than 10 years. Probably not a very good critiquer.

{1} Secure Coding: Principles and Practices by Mark G. Graff and Kenneth R. Van Wyk
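The scheme the comment describes, as an added C++ example that is not the reviewed tool's code or the commenter's: base64 over a shuffled 64-character alphabet, with the alphabet shipped beside the encoded literal as the "decryption key", plus the escaped-hex alternative the comment suggests. The names kKey, kIntroEncoded, GetDecryptedString and to_hex_escaped are assumptions for illustration (the page shows only the INTRO_STRING macro), and the rotated alphabet and the "Hi!" sample string are constructed here. It shows why the shuffle is obfuscation rather than encryption: decoding is a reverse-lookup table built from a key that must be present wherever the strings are used, and a standard decoder merely returns the wrong bytes rather than failing.

```cpp
#include <cstdint>
#include <iostream>
#include <string>

// Standard base64 alphabet (RFC 4648).
static const std::string kStdAlphabet =
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

// Constructed stand-in for the tool's shuffled character map ("decryption key").
// Any permutation of the 64 characters works; rotating the standard alphabet
// keeps the example easy to check by hand.
std::string make_shuffled_alphabet(unsigned rotate) {
    std::string out;
    for (size_t i = 0; i < 64; ++i) out += kStdAlphabet[(i + rotate) % 64];
    return out;
}

// Base64 encode with an arbitrary 64-character alphabet, '=' padding as usual.
std::string b64_encode(const std::string& in, const std::string& alphabet) {
    std::string out;
    size_t i = 0;
    for (; i + 2 < in.size(); i += 3) {
        uint32_t n = (uint32_t)(uint8_t)in[i] << 16 |
                     (uint32_t)(uint8_t)in[i + 1] << 8 | (uint8_t)in[i + 2];
        out += alphabet[(n >> 18) & 63];
        out += alphabet[(n >> 12) & 63];
        out += alphabet[(n >> 6) & 63];
        out += alphabet[n & 63];
    }
    size_t rem = in.size() - i;
    if (rem == 1) {
        uint32_t n = (uint32_t)(uint8_t)in[i] << 16;
        out += alphabet[(n >> 18) & 63];
        out += alphabet[(n >> 12) & 63];
        out += "==";
    } else if (rem == 2) {
        uint32_t n = (uint32_t)(uint8_t)in[i] << 16 | (uint32_t)(uint8_t)in[i + 1] << 8;
        out += alphabet[(n >> 18) & 63];
        out += alphabet[(n >> 12) & 63];
        out += alphabet[(n >> 6) & 63];
        out += '=';
    }
    return out;
}

// Decode with the same alphabet. This is the whole "decryption": a reverse
// lookup table built from the 64-character key. Returns "" on a character
// outside the alphabet.
std::string b64_decode(const std::string& in, const std::string& alphabet) {
    int rev[256];
    for (int& r : rev) r = -1;
    for (int i = 0; i < 64; ++i) rev[(uint8_t)alphabet[i]] = i;
    std::string out;
    uint32_t acc = 0;
    int bits = 0;
    for (char c : in) {
        if (c == '=') break;
        int v = rev[(uint8_t)c];
        if (v < 0) return "";
        acc = ((acc << 6) | (uint32_t)v) & 0xFFFFFF;  // never need more than 24 bits
        bits += 6;
        if (bits >= 8) {
            bits -= 8;
            out += (char)((acc >> bits) & 0xFF);
        }
    }
    return out;
}

// The comment's simpler alternative: emit the literal as escaped hex. Escaping
// every byte with exactly two digits avoids the C++ pitfall where "\x" greedily
// consumes any following hex digits from the next character.
std::string to_hex_escaped(const std::string& s) {
    static const char* hex = "0123456789ABCDEF";
    std::string out = "\"";
    for (unsigned char c : s) {
        out += "\\x";
        out += hex[c >> 4];
        out += hex[c & 15];
    }
    return out + "\"";
}

// Mirrors what the generated header ships: key and encoded literal side by side,
// decoded at the point of use (hypothetical names, not the tool's own).
static const std::string kKey = make_shuffled_alphabet(17);
static const std::string kIntroEncoded = b64_encode("Hi!", kKey);  // "jX1y"

std::string GetDecryptedString(const std::string& enc) { return b64_decode(enc, kKey); }

int main() {
    std::cout << "encoded with shuffled key: " << kIntroEncoded << "\n";
    std::cout << "decoded with key:          " << GetDecryptedString(kIntroEncoded) << "\n";
    std::cout << "standard base64 of same:   " << b64_encode("Hi!", kStdAlphabet) << "\n";
    std::cout << "hex-escaped literal:       " << to_hex_escaped("Hi!") << "\n";
    return 0;
}
```

Because kKey must be compiled into the same binary as kIntroEncoded for GetDecryptedString to work, the shuffled alphabet adds no secrecy over plain base64; it only changes which lookup table a reader has to use.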