|Important||This document may not represent best practices for current development, links to downloads and other resources may no longer be valid. Current recommended version can be found here. ArchiveDisclaimer|
User String Encryption
Dotfuscator Professional Edition allows you to hide user strings that are present in your assembly. A common cracker attack is to find critical code sections by looking for string references inside the binary. For example, if your application is time locked, it may display a message when the timeout expires. Crackers will do a simple text search for this message inside the disassembled or decompiled output and chances are, when they find it, they will be very close to your sensitive time lock algorithm.
Dotfuscator addresses this problem by allowing you to encrypt strings in these sensitive parts of your application, providing an effective barrier against this type of attack.
Since string encryption incurs a slight runtime penalty (for on-the-fly decryption when the string is used), the configuration rules are inclusion rules. That is, by default, no strings are encrypted unless you specifically include a method that uses the string. The intention is that you will only want to encrypt strings in the sensitive parts of your application.
For details, see the online user's guide.