Hey I’m currently developing a “joke” ransomware, But I’m unsure if I’m storing the key good enough…Firstly it’s AES-256 encryption.
Basically i’m storing “parts” of the key in the program’s strings (Like (%lots_of_random_preset_chars%_%Computer_name_processor_count%+%lots_of_random_preset_chars%)
There are two of those and a random 32 char string, genned in an XML setting file (saved on the PC), and then Rot13’d and finally SHA256 hashed, so the key goes like (part2)(part1)(part3) => Rot13 => sha256
Or would I be better off using the SHA256’d result to encrypt a randomly genned 256 Bit key on the PC? Also, i’m using a 27 Bit salt on the AES