Simple question... one I can't seem to find a credible answer to.
I've created a client-server program that uses MD5 + 3DES encryption. I have stored a salt in the code, which gets concatenated onto the original key before hashing, then the message is encrypted using the hash of the salt + key + salt.
My question is... how safe is the salt? After compiling this into an executable... would someone be able to "decompile" it and find out what the salt is?
My guess is no... otherwise no encryption would ever be truly secure. Knowing the salt or being able to fully decompile the code would allow someone to create a hash database and make any app insecure.
The app is very security sensitive. It has to be as close to 100% secure as possible.
Does anyone have any credible input on this? How safe is the compiled code, and are there code obfuscation methods I should be employing?
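
An added example, not part of the original post: it checks whether a salt literal stays readable after compilation, then sets the MD5(salt + key + salt) derivation from the post beside a derivation whose salt is random, stored in the clear, and not relied on for secrecy. Assumptions: the post does not name a language, so Python bytecode stands in for the compiled executable; the salt value, all function names, and the PBKDF2-HMAC-SHA256 parameters are constructed for illustration.

```python
import hashlib
import marshal
import os
import re

# Constructed stand-in for the program in the post: the salt is a literal in
# the source. The salt value and all names here are hypothetical.
SOURCE = '''
import hashlib
SALT = b"s3cr3t-app-salt"
def derive(key):
    return hashlib.md5(SALT + key + SALT).digest()
'''

def compiled_artifact(source: str) -> bytes:
    """Compile the source and serialize the code object, as a .pyc file does."""
    return marshal.dumps(compile(source, "app.py", "exec"))

def printable_runs(blob: bytes, min_len: int = 8) -> list:
    """Return runs of printable ASCII, the same scan the `strings` tool does."""
    return re.findall(rb"[\x20-\x7e]{%d,}" % min_len, blob)

def salt_is_visible(salt: bytes) -> bool:
    """True if the salt literal survives compilation as readable bytes."""
    return any(salt in run for run in printable_runs(compiled_artifact(SOURCE)))

def legacy_key(salt: bytes, key: bytes) -> bytes:
    """The derivation described in the post: MD5(salt + key + salt), 16 bytes."""
    return hashlib.md5(salt + key + salt).digest()

def kdf_key(key: bytes, salt: bytes = None, iterations: int = 600_000):
    """Alternative: fresh random salt per use, stored in the clear next to the
    ciphertext, and a slow KDF. 24 bytes fits a three-key 3DES key."""
    salt = salt if salt is not None else os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", key, salt, iterations, dklen=24)

if __name__ == "__main__":
    print("salt readable in compiled artifact:", salt_is_visible(b"s3cr3t-app-salt"))
    salt, key = kdf_key(b"user passphrase")
    print("public per-message salt:", salt.hex(), "derived key bytes:", len(key))
```

In the second derivation the confidentiality of the key material rests only on the secret passed as `key`; the salt can be published without weakening it.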