Part of the app I am writing allows users to create an encrypted, password-protected output file that they can email safely to a central store. I can't have the users choose their own password for the encryption as the central store needs to access the contents of all the output files emailed to it. So there is one password that gets set within my vb app.

I am worried that security will be compromised if the vb executable is somehow deconstructed? Is it possible to read the contents of an exe file (and thus find out the password)?

If so, any suggestions as to how I can get around this problem?

Many thanks

Yes you can read the contents of a .NET assembly with Redgate's .NET reflector. You can even decompile a VB.NET app in to C# -- as when you compile either language it is turned in to MSIL.

For getting around it you can make it difficult or use unmanaged encryption languages. To make decompiling your code more difficult take a look at obfuscators.

Comments
Many thanks

Many thanks for the info. I've had a look at Reflector - very interesting and a little frightening. I've invested in Skater's .NET Obfuscator 3.7 to give me a little peace of mind!

As others have said, .Net assemblies are like an open book. Always release your .Net assemblies in obfuscated form. Try Crypto Obfuscator which has various good protections against apps such as reflector, ILDASM, etc.

This question has already been answered. Start a new discussion instead.