Currently I am working on a form that where a user creates a profile and such. However, some of the data has to be protected as it can be sensitive to the end user. My program uses an encryption (3DES) that uses plain text as a wrapper or cipher.

vb.net Code:
  1. Dim wrapper As New Simple3Des("OBIVOUS PASSWORD WHEN DECOMPILED")
  2.     Dim cipherText As String = wrapper.EncryptData("information to be encrypted")

It doesn't take long at all to decompile any .NET application and there are many obfuscating tools available out there to help protect your application from being decompiled easily, or at the least bit- makes it difficult for the end user to comprehend your application solution. I've researched a lot of the tools available for obfuscating code, along with encrypting "plain in sight" strings, but only premium and intensive software have the functionality to give the protection I need to hide this string- which, realistically is the only thing I need.

I read a few forum posts from other people inquiring about the same problem, and they were all referred to creating a DLL with the information stored within the file, and retrieving the information from the DLL file. However, I am not sure how secure that really is, AND if it is, how to really do it efficiently. In one way or another, I need to store this wrapper string without it being easily seen or noticed by opposing some sort of challenge. I have looked into the SecureString Class and have found that it would prevent my string from being placed into memory, but will not hide my string from the case of being decompiled / debugged. I read online that you if you had a web.configuration, that you could encrypt the configuration, but this will not work because it is not a web application, it is an app configuration. There is a work around for this, but I will not being using the application / user settings within the project. Everything is stored in a local file in the application directory.

I feel that I have done extensive research on this topic and am still lost on how I can hide or avoid this string in one way or another. Any pointers, tips, or advice would be greatly appreciated. I wanted you guys to realize the extent in how much effort I am willing to put into this to get this covered up. I feel this places a huge vulnerability in my program.

Thanks you guys!