
I'm trying to see whether my SecureString contains a particular text.

I could do it this way:

using System.Security;

var sstr = new SecureString();
...
// sstr has now been appended with a set of characters
if (sstr.ToString().Contains("Hello world")) {
    // do something
}

This works, but the moment I call sstr.ToString(), it seems like I've just written the content of the SecureString into memory, which totally defeats the purpose of using SecureString.

How should I check whether a SecureString contains some text?

Carven
  • Short answer: you don't. What's the reason for the check? – Camilo Terevinto Jan 08 '18 at 11:49
  • The only way to do so securely is to call `RemoveAt` in a loop, which consumes the string, and is extremely inefficient to boot. Do such checks before the string becomes secure, not afterwards. Note that converting a `SecureString` to a string does not *entirely* defeat the purpose (it has to happen at some point), but ensuring that string isn't copied and securely erasing it afterwards is not trivial. – Jeroen Mostert Jan 08 '18 at 11:54
  • @CamiloTerevinto Well, I'm reading the output of a Process which runs a console exe in silent mode. I'm appending the output into the SecureString. Occasionally, the output of the process may show the decrypted password if there was an error. This is just how that console exe works and I can't change that. So I was hoping I could make sure at least that output I read in from the Process isn't going to stay in the memory of my app. – Carven Jan 08 '18 at 11:54
  • How are you writing that into the SecureString? It might be already useless depending on how you write – Camilo Terevinto Jan 08 '18 at 11:56
  • Did you [Dispose](https://msdn.microsoft.com/en-us/library/system.security.securestring.dispose(v=vs.110).aspx) the SecureString when you have done with it? – Steve Jan 08 '18 at 11:57
  • @CamiloTerevinto I'm looping through the characters of the Process' output buffer and appending them to the SecureString. – Carven Jan 08 '18 at 11:59
  • @Steve I did not use Dispose at the end of the SecureString. Would Dispose automatically clear off strings which SecureString has created along the way? – Carven Jan 08 '18 at 12:01
  • Dispose will zero out its internal buffers. Of course it cannot track strings that you get with the ToString method. – Steve Jan 08 '18 at 12:02
  • Check this for SecureString https://stackoverflow.com/questions/818704/how-to-convert-securestring-to-system-string – Muhammad Usama Alam Jan 08 '18 at 12:04
  • @Carven Well, if you are looping the received characters, why don't you do a manual check on each character received? – Camilo Terevinto Jan 08 '18 at 12:07
  • Still I don't understand why you want to remove something inside the SecureString. Its content is encrypted and if the content stays there it is safe (relatively speaking) and when you Dispose then you don't have anything observable in memory. As @CamiloTerevinto says the problem is how you add this info to the SecureString. If the other process outputs the password in clear text then the weak spot is there. – Steve Jan 08 '18 at 12:12

1 Answer


The best approach to check it without defeating the purpose of SecureString is in your Process output buffer loop, before it gets into the SecureString secured buffer. But even in the best case, doing so you would create a plain-memory string of the last N characters (where N is the length of "Hello world"), which would be a bit insecure. Less insecure than calling SecureString.ToString() of course, because as you already stated, it would store all the text in plain memory, defeating the purpose.

Cleptus
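The approach the answer describes (and that the comments suggesting a per-character check point at), as an added example that is not part of the original thread: the scan runs in the output loop, each character goes straight into the SecureString, and only a fixed char[] window of the last N characters ever sits in plain memory, zeroed before returning. SecureOutputScanner, AppendAndScan and the StringReader sample are my own names and constructed input, not from the post; a real caller would pass process.StandardOutput.

```csharp
using System;
using System.IO;
using System.Security;
static class SecureOutputScanner
{
    // Streams characters from `reader` (in real use, process.StandardOutput) into
    // `target`. Only a char[] window of the last marker.Length characters ever sits
    // in plain memory, and it is zeroed before returning. Returns true if `marker` occurred.
    public static bool AppendAndScan(TextReader reader, SecureString target, string marker)
    {
        if (marker.Length == 0) throw new ArgumentException("empty marker", nameof(marker));
        var window = new char[marker.Length];
        int filled = 0;       // valid characters currently in the window
        bool found = false;
        try
        {
            int c;
            while ((c = reader.Read()) != -1)
            {
                target.AppendChar((char)c);   // encrypted by SecureString right away
                if (filled == window.Length)
                    Array.Copy(window, 1, window, 0, window.Length - 1); // drop oldest char
                else
                    filled++;
                window[filled - 1] = (char)c;
                if (filled == window.Length && WindowMatches(window, marker))
                    found = true; // keep reading: the rest of the output still has to be captured
            }
        }
        finally
        {
            Array.Clear(window, 0, window.Length); // a char[] can be wiped; a string cannot
        }
        return found;
    }
    static bool WindowMatches(char[] window, string marker)
    {
        for (int i = 0; i < marker.Length; i++)
            if (window[i] != marker[i]) return false;
        return true;
    }
    static void Main()
    {
        // Constructed sample standing in for the console exe's output (a real Process would not expose it as a string).
        using var reader = new StringReader("Login failed.\nHello world\nExiting.\n");
        using var sstr = new SecureString();
        Console.WriteLine($"marker seen: {AppendAndScan(reader, sstr, "Hello world")}, captured {sstr.Length} chars");
    }
}
```

The window is only as long as the marker, so the plain-memory exposure is bounded to N characters at a time rather than the whole output, and disposing the SecureString afterwards wipes its encrypted buffer.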