What do you guys think of this...?
I've recently been asked to write a crypto program by a client. It's being done in VB/Access/Visual C++. So far, I've thought of something like this...
1. Use a strong symmetric cipher system like twofish or similar to encrypt the Access mdb.
2. The key is stored in multiple, persistent variables that are checked so that they aren't contiguous in memory.
3. Password protect the program and store the password as a md5 hash in two distinct places in the registry.
4. If the hashes don't match, wipe the program, but not the data.
5. If the password is entered wrongly more than x times, wipe the program, not the data
6. Store a md5 checksum of the file somewhere, maybe in the registry.
7. If the md5 checksum changes, wipe the program, not the data.
8. Since the key is stored in the program, if the right encryption scheme is used, the encrypted mdb file is useless.
9. Also, if the user accidentally deletes the program, all he has to do is reinstall the program and the mdb is decrypted.
This might seem like overkill, but the user needs this kind of security. Any thoughts on how to improve this....?
Cheers,
cgkanchi