I got this idea a few days ago, because of a message on the ML sikurezza.org

A friend of mine needed to embed a password in the source code of his software.

Everybody knows is a bad idea, but sometimes world imposes us bad design choices.

If you don't want to write your password ina configuration file, there are plenty of ways to encode a password in a source code, but some of them can involve randomness, which might make the reversing a little bit harder,*but not impossibile*.

The idea I got is to use a fixed point of a computation. Googling around I found this fancy example which involves only integer numbers. (If you algorithm is not stable: floating point + randomness => badness).

From Wikipedia:

So, your password will be ultimately the Krapekar constant :)

It is also a great idea for a CTF challange.

boobs!

A friend of mine needed to embed a password in the source code of his software.

Everybody knows is a bad idea, but sometimes world imposes us bad design choices.

If you don't want to write your password ina configuration file, there are plenty of ways to encode a password in a source code, but some of them can involve randomness, which might make the reversing a little bit harder,

The idea I got is to use a fixed point of a computation. Googling around I found this fancy example which involves only integer numbers. (If you algorithm is not stable: floating point + randomness => badness).

From Wikipedia:

- Take any four-digit number, using at least two different digits. (Leading zeros are allowed.)
- Arrange the digits in descending and then in ascending order to get two four-digit numbers, adding leading zeros if necessary.
- Subtract the smaller number from the bigger number.
- Go back to step 2.

So, your password will be ultimately the Krapekar constant :)

It is also a great idea for a CTF challange.

boobs!