Bonj said:
Mmmm... fine. But I don't see that happening....
There are lots of situations in which an attacker might be able to get
access to the encrypted data when they can't get access to the key itself.
So while you obviously can't keep the key secret from *everyone* (the
entities encrypting and decrypting data need to know it, obviously) there
are nonetheless typically individuals who can only see the encrypted data,
and who will not have access to the key.
If in your particular scenario absolutely everyone involved can always see
the keys, then you really may as well not bother doing encryption. (Or at
least don't bother wasting any effort, since the best you'll ever be able to
do is obfuscation - the strength of the encryption is now irrelevant, so you
may as well do whatever is simplest.) But although key management is hard
it's not impossible. It's impossible to solve in general, but there are
many scenarios in which it can be done. (Otherwise nobody would bother with
encryption.)
For example, if I want to send data from my laptop to my server at home,
then it's relatively straightforward for me to make sure that the key is not
known by anyone other than those two computers. I can create a key, put it
on my server and my laptop while I'm at home - I can do this with a USB key
or a disk to make sure that it never goes over my network, meaning that as
long as my machines haven't been compromised, I can be pretty confident that
the key remains a secret shared only by these two machines. And now that
I'm on the road in a different country from my server, I can use that key to
encrypt data sent between my laptop and server over an untrusted network.
(Indeed this is more or less exactly what I'm doing right now - I have a VPN
connection to my home network that is using this very technique.)
If I used your algorithm to encrypt the data, I needn't have bothered taking
these steps to keep the key a secret, because your algorithm would allow
anyone snooping on my traffic to discover the key fairly quickly. I'm
sending several megabytes of data every day, which should be more than
enough for a successful statistical attack on your algorithm.
Fortunately I'm not using your algorithm. So my key has a good chance of
remaining secret. (Of course there are still risks in my key management -
perhaps one of the two machine that know the key has been compromised and
the key stolen, and I've not realised this yet. Or maybe I forgot to delete
the file from my USB disk and someone has got hold of a copy that way. But
there's nothing intrinsic to the design of the system that means the key
will definitely be known to any other party - by design the key remains
secret unless there has been a failure elsewhere.)
By simple saying "I don't see that happening" w.r.t. keeping the key secret,
you are effectivley saying that you are now assuming the key will be known
to all your attackers. If that really is the case for your scenario, then
I'd recommend not bothering with encryption. If you simply start from the
assumption that the key is always public knowledge, then that's not a useful
baseline for judging the usefulness of an encryption algorithm, because
you'll inevitably come to the conclusion that they are all completely
useless.
I'm still not quite sure exactly what it is you're trying to achieve here.
It sounds like you might be attempting to store credentials for connecting
to a SQL Server database in a way that stops people from just reading the
raw connection string and using those credentials for their own purposes,
but I'm not really sure if that's what you're doing. If that is what you
are doing, there are a few well-known solutions to this problem that work a
whole lot better than the approach you are trying to use. (The two obvious
ones being integrated security - not using a SQL username and password at
all - and the DPAPI, which is a technology built into Windows that is
designed to solve pretty much exactly this problem.)