By the same token, IBM 5250 was popular amongst insurance companies because there were no intelligent 5250 terminals that would enable taking the data away. 3270 was considered less secure because emulator cards quickly appeared on PCs that allowed snatching data and putting it on disk.
It is fascinating to see how companies that could keep their data safe in a non-connected local network with diskless terminals connect their precious server to the Internet without quite envisioning the risk.
A very, very efficient compiler may be able to optimise repetitive operations on scattered static data. But a compiler is not able to decipher the programmer’s intent. So when the key is spread through different methods that fetch and assemble the data dynamically, the compiler cannot predict all that will eventually end up in the same bucket.
Ironically, all the hacker has to discover is where the bucket is, with the gold inside. Even if it exists for a few microseconds.
The Exe to C program reported by Matthew is scary because whatever the complex operations used to assemble the password, the code required to submit a password to decrypt data will always remain rather simple, and therefore easy to spot.
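The point above, as an added example that is not part of the original comment: however the key is scattered and reassembled, the decrypt routine receives it whole, so review effort belongs at that call boundary rather than on the obfuscation. The key value, the toy XOR cipher and every function name here are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define KEY_LEN 8

/* Constructed sample key "S3cr3tK!", never stored whole: each half is
   kept masked and rebuilt by a different helper at run time. */
static unsigned char part_a(size_t i) {
    static const unsigned char m[4] = {0x09, 0x69, 0x39, 0x28};
    return (unsigned char)(m[i] ^ 0x5A);
}
static unsigned char part_b(size_t i) {
    static const unsigned char m[4] = {0x3A, 0x7C, 0x54, 0x2B};
    return (unsigned char)(m[i] - 7 - i);
}

/* Stand-in for what anyone watching the decrypt entry point sees. */
static unsigned char seen[KEY_LEN];
const unsigned char *observed_key(void) { return seen; }

/* Toy XOR cipher (hypothetical, not a real algorithm): the simple,
   easy-to-spot routine that must receive the whole key. */
static void toy_decrypt(const unsigned char *key, unsigned char *buf, size_t len) {
    memcpy(seen, key, KEY_LEN);          /* the "bucket" is fully assembled here */
    for (size_t i = 0; i < len; i++)
        buf[i] ^= key[i % KEY_LEN];
}

/* Assemble, use, wipe. Returns 1 if the local key buffer was zeroed. */
int decrypt_message(unsigned char *buf, size_t len) {
    unsigned char key[KEY_LEN];
    for (size_t i = 0; i < 4; i++) {
        key[i] = part_a(i);
        key[i + 4] = part_b(i);
    }
    toy_decrypt(key, buf, len);
    volatile unsigned char *p = key;     /* volatile so the wipe is not elided */
    for (size_t i = 0; i < KEY_LEN; i++) p[i] = 0;
    int wiped = 1;
    for (size_t i = 0; i < KEY_LEN; i++) wiped &= (p[i] == 0);
    return wiped;
}

int main(void) {
    unsigned char msg[] = "policy42";    /* constructed sample data */
    decrypt_message(msg, 8);             /* XOR is symmetric: this encrypts */
    decrypt_message(msg, 8);             /* and this restores the text */
    printf("%.8s / key seen at call: %.8s\n", msg, (const char *)observed_key());
    return 0;
}
```

Wiping the buffer after use shortens the time the key sits in memory, but the key was still complete at the moment of the call.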