Go - password security in binary
https://stackoverflow.com/questions/8935763
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
I intend to save a password/secret key in my Go application to be used in communication with some other applications. I wonder how to secure it from for example someone obtaining the binary and searching for it in some hex viewer. Are such security practices common, or am I worrying too much?
Solution
Obfuscate the data and/or code. This means to store the password in a form that is reasonably difficult to search for, and if its location is found the password is reasonably difficult to decipher.
In case no obfuscation method is secure enough (you want full security), the only solution is not to put the password into the executable in any form.
OTHER TIPS
Succinctly:
Don't!
It won't be secure; it will be broken. Further, if everyone is using the same password, then when it is broken once for one person, it is broken for all time for everyone.
