Friday, September 6, 2013

Practical uses for Secure String

Secure Strings (or sstrings for short) seem to be a seldom used class in .NET.  There is quite a lot of misunderstanding of what it is used for.  The basic idea is to not store passwords in memory in clear text.  Its not going to help you transmit passwords over the wire or in a serialised format.  The main vulnerability it protects against is someone being able to read memory, or memory dumps. Realistically this is a tiny fringe case, but may have more benefit on a device susceptible to being lost or stolen as opposed to servers.

To use it properly the string must be added to the SecureString object one character at a time.  If you grab the password from the user / UI and put it into a string first, you have defeated the purpose and might as well not bother with secure strings.  As soon as the string is in memory as a string the GC could make any number of copies of it and it could stick around for some time before the memory is actually overridden.

The secure string object is tagged so the GC does not make copies of it or move it.

See:
http://stackoverflow.com/questions/4502676/c-sharp-compare-two-securestrings-for-equality?lq=1

Also consider:
  • Secure Long aka slong
  • Secure Int64 aka BigSlong

No comments:

Post a Comment