SecureString for storing in memory and presenting passwords? Or something else?

c# security memory securestring
12,377

Solution 1

SecureString keeps its text encrypted in the memory and you can dispose it immediately when you don't need it. The problem is, when you want to display it or use it in almost any other way, you have to convert it to normal string, which is not secure.

Also, I wouldn't rely on it too much – the system is able to decrypt it without any decryption key, which means determined hacker will most likely be able to do the same. When a hacker gains control of your computer, you can't be sure of anything and he will be probably able to access anything that's not encrypted using a good algorithm with good key.

Solution 2

SecureString goes some way to secure the in memory instance of a string, however you should be aware of some significant drawbacks.

  • A SecureString (just as svick points out) can be retrieved without a decryption key, so any hacker skilled enough to retrieve this chunk of memory you can safely assume can easily perform this minor operation to retrieve the plain text string. Consider the simplicity of SecureStringToBSTR(input);

  • SecureString needs to be populated in a character by character way as there is no .Text property Get or Set accessor to use. On blogs including MSDN you will often see code like the following:

    public static SecureString StringToSecureString(string input)
{
    SecureString output = new SecureString();
    int l = input.Length;
    char[] s = input.ToCharArray(0, l);
    foreach (char c in s)
    {
        output.AppendChar(c);
    }
    return output;
}

The significant issue with this code is that the developer allowed the input string to ever exist in memory in the first place. The User Control or WinForm TextBox of PasswordBox used to collect this password from the user should never collect the whole password in one operation, as

  • Hackers can access memory directly and retrieve the password directly from the control on the stack or inject code to retrieve the password on the instantiation of this method
  • If your last Memory Dump still resides on your machine from your last blue-screen, and this control was populated with your plain text password, then the password is sitting in a tidy little file ready for your Hacker to pick up and use at his/her leisure.

Instead consider options where the KeyPress is used to retrieve each character from the user, otherwise, WPF's PasswordBox is backed by a SecureString by default I believe (someone else may confirm this).

Finally there are much more simple ways to collect passwords from users like Key Loggers. My recommendation is to consider your user demographic, exposure risk, and determine whether something as trivial as a SecureString is really going to cut it.

Solution 3

SecureString is exactly what the name says and you guesed: It saves the string also encrypted in memory, so yes it is the correct way to go.
See HERE:

Represents text that should be kept confidential. The text is encrypted for privacy when being used, and deleted from computer memory when no longer needed. This class cannot be inherited.

Share:
12,377
bertusaurus
Author by

bertusaurus

Just a simple programmer.

Updated on June 28, 2022

Comments

  • bertusaurus
    bertusaurus about 2 years

    I have been writing a little program for myself using C# that I can use to store my passwords and then retrieve them for viewing/editing.

    While the passwords are stored to disk in an encrypted format, when they are read into memory for display/editing on a form, they are unencrypted.

    I have learned that having unencrypted passwords in memory is a pretty big security problem, so I came across the SecureString class.

    Would there be a more secure way to do this than using the SecureString class, or does SecureString live up to its name?

  • Jim Aho
    Jim Aho over 7 years
    Very interesting!
  • Pedro Lorentz
    Pedro Lorentz almost 7 years
    @ScottShaw-Smith, I know this is old, but I don't see he suggesting the use of key loggers as "a viable way to solve this problem". Rather, he is saying that using SecureString+KeyPress is not going to help securing the password if the hackers are using keyloggers.
  • StevoInco
    StevoInco over 3 years
    I really hate it when people downvote with no explanation, so I'm not going to downvote, but I will share my opinion on why this sample is critically flawed: The whole point of SecureString is to encrypt a mutable byte array vs storing sensitive data in an immutable string. Since Garbage Collection for the immutable string is non-deterministic, your sensitive data could be around in memory long after the SecureString is disposed, rendering its use completely pointless.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Using SecureString
Convert String to SecureString
Safe use of SecureString for login form
How is SecureString "encrypted" and still usable?
CryptographicException: Access denied - How to give access on User store?
C# Entity Framework high memory usage, memory leak?
WPF out of memory exception when loading large amount of bitmaps in single instance of app. Is there a limit?
Access Windows Credentials in Credential Manager
Build Security Token Service (STS) application for ASP.NET website
System.IO.File.ReadAllBytes for file larger than 2GB