- From your memory, third parties can read:
- Your code can be changed, and manipulated.
SafeOrbit is a cryptographic library to protect sensitive dataof an application from being manipulated or read.
It’s open-source on GitHub and available on NuGet .
- Protects your strings in memory while allowing you to securely compare & modify them.
- Protects your binary data with
- Anti injection module safeguards your application against memory injections and timing attacks.
- Leverages high performance and secure algorithms for encryption, hashing and random in interfaces that makes it much hard to screw up.
It’s written for & used by my password manager Password Orbit.
A simplified example
code: check-license-function: '1. goto website, 2. check if user paid' data: user-name: jade1983 pwd: password123 has-license: false
A hacker can
- read password
password123easily from application memory.
- can modify application memory and change last three words
has-license: trueand gives person a license by tricking the application.
- or a hacker can modify
check-license-functionand bypass license validation logic.
code: check-license-function: '1. goto website, 2. check if user paid' data: ue95bEEfSaaMjbpylkwnmsCqGoy8ra2VPqjIRT72wVoKFAYzUVMNWKIV7dvXN1EMpFYjPMGddU7+iua8DskPAA== signature: EQ8RgU/q/34cO7Ea4gc2y610kvsCCbZ3e9eYAKXaytqC/fKb09EFuG74JK+kbQHGfsP+BfuwwtX9NhOP9AxIyw==
A hacker can not:
- read any password as they are encrypted as the user types them.
- cannot forge any application data or code as every change to the application code or state is signed.