
I saw this thread:

When would I need a SecureString in .NET?

The code there is:

SecureString password = new SecureString("password");

vs

SecureString pass = new SecureString();
foreach (char c in "password".ToCharArray())
    pass.AppendChar(c);

And I do understand the benefits of the second one (adding char by char): a hacker will not be able to track all the chars, which are in random places in memory (vs. one string in memory, which he can find).

The part which I don't understand is this part: [image]

That yellow code is definitely in memory!

So... where is the benefit?

Royi Namir

2 Answers


The second code sample, with ToCharArray(), just demonstrates the restricted way of filling a SecureString. It is not a sample of (best) practice.

The thread you link to provides most of the answers: SecureString provides a partial solution to avoiding plain-text passwords (in memory). Not a complete solution.

But take these 2 points from the accepted answer:

  • WPF's PasswordBox control keeps the password as a SecureString internally.
  • System.Diagnostics.ProcessInfo's Password property is a SecureString.

Together they would allow you to safely transfer a password to a process.

H H
  • I believe that the "password" string (in the for loop) should be GC'ed as soon as possible. Will GC.Collect help here? (after the for loop) – Royi Namir Dec 31 '11 at 13:44
  • No, `"password"` is a literal, it will not be collected. – H H Dec 31 '11 at 13:49
  • 1) Why won't it be collected? No one is referencing it anymore after the foreach loop. 2) If it won't be collected, a hacker CAN search the memory for it and will find it.... please clarify :) – Royi Namir Dec 31 '11 at 13:53
  • 1) Because no-one is referencing it _before_ the foreach either. 2) Yes, a hacker could find this password. As said, it's not a real example. – H H Dec 31 '11 at 14:30
  • Are you telling me that if I write 1000 times `Console.Write("lalala");` the "lalala" string won't be GC'ed? – Royi Namir Dec 31 '11 at 18:31
  • @RoyiNamir - didn't you ask a question about Interning earlier today? – H H Dec 31 '11 at 22:32
  • No wait....:) I will have to call it from the pool by 'intern' and then it will get the string from the pool. Otherwise it recreates it (if I didn't use intern). – Royi Namir Jan 01 '12 at 06:30

The password will always be unencrypted at some time. The question is, “for how long time?” If you keep it unencrypted for half an hour in memory it is more likely to be hacked than a string that is garbage collected after a few seconds.

Olivier Jacot-Descombes
  • I believe that the "password" string (in the for loop) should be GC'ed as soon as possible. Will GC.Collect help here? (after the for loop) – Royi Namir Dec 31 '11 at 13:12
  • GC.Collect will help, but not completely eliminate the problem. – Olivier Jacot-Descombes Dec 31 '11 at 13:54
  • So what is the final solution if that won't eliminate the problem? – Royi Namir Dec 31 '11 at 13:59
  • I added GC.Collect to your words: "for how long time". So I suggested running GC right after the for loop. So what is your solution? – Royi Namir Dec 31 '11 at 13:59
  • You cannot eliminate the danger completely. You can only minimize it. It is also not advisable to store the password in a db in plain text. Instead, store a hash (SHA for example). Nobody will be able to restore the password. When a user enters his password, then compare the hash of the entered password to the hash in the db. – Olivier Jacot-Descombes Dec 31 '11 at 15:33
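As an added example (not code from the question or from either answer), here is how the points raised by both answers fit together in C#. The password is collected one keystroke at a time straight into a SecureString, so no immutable System.String copy ever exists for the GC to leave lying around (the first answer's point about the literal); it is handed to ProcessStartInfo.Password without being decrypted in our own code (the first answer's two bullet points combined); and when a native API genuinely needs the plaintext it is exposed as unmanaged memory for the shortest possible window and zeroed in `finally` (the second answer's "for how long" point). The process name, user name, console prompt, the `WithPlaintext`/`SecureEquals` helper names and the sample expected password are placeholders constructed for this example, not values from the page.

```csharp
using System;
using System.Diagnostics;
using System.Runtime.InteropServices;
using System.Security;

// Added example, not from the question or the answers. Names of the helpers,
// the target process and the sample password are constructed placeholders.
static class SecurePasswordDemo
{
    // Read a password from the console one keystroke at a time, appending each
    // char directly into the SecureString. No System.String is ever created.
    static SecureString ReadPasswordFromConsole()
    {
        var secure = new SecureString();
        Console.Write("Password: ");
        while (true)
        {
            ConsoleKeyInfo key = Console.ReadKey(intercept: true); // do not echo
            if (key.Key == ConsoleKey.Enter) break;
            if (key.Key == ConsoleKey.Backspace)
            {
                if (secure.Length > 0) secure.RemoveAt(secure.Length - 1);
                continue;
            }
            if (key.KeyChar != '\0') secure.AppendChar(key.KeyChar);
        }
        Console.WriteLine();
        secure.MakeReadOnly(); // any later AppendChar/RemoveAt throws
        return secure;
    }

    // Fill from a char[] you already hold (e.g. chars read from a file) and
    // scrub that buffer afterwards. Note: a char-array literal in source code
    // still lives in the loaded assembly image, so this is for the demo only.
    static SecureString FromCharBuffer(char[] buffer)
    {
        var secure = new SecureString();
        try
        {
            foreach (char c in buffer) secure.AppendChar(c);
            secure.MakeReadOnly();
            return secure;
        }
        finally
        {
            Array.Clear(buffer, 0, buffer.Length); // overwrite the plaintext copy
        }
    }

    // The two bullet points from the accepted answer combined: hand the
    // SecureString to ProcessStartInfo.Password without decrypting it ourselves.
    // ProcessStartInfo.Password is honoured on Windows only.
    static void StartProcessAs(string userName, SecureString password)
    {
        var psi = new ProcessStartInfo
        {
            FileName = "notepad.exe",  // placeholder target process
            UserName = userName,
            Password = password,
            UseShellExecute = false,   // required when UserName/Password are set
        };
        using (Process.Start(psi)) { }
    }

    // When a native API needs the plaintext, expose it as unmanaged memory for
    // the shortest possible window and zero it in finally. Never round-trip it
    // through Marshal.PtrToStringUni: that would create a managed copy again.
    static T WithPlaintext<T>(SecureString s, Func<IntPtr, int, T> use)
    {
        IntPtr ptr = IntPtr.Zero;
        try
        {
            ptr = Marshal.SecureStringToGlobalAllocUnicode(s);
            return use(ptr, s.Length);
        }
        finally
        {
            if (ptr != IntPtr.Zero) Marshal.ZeroFreeGlobalAllocUnicode(ptr);
        }
    }

    // Constant-time comparison of two SecureStrings, reading UTF-16 code units
    // straight from the unmanaged buffers so no managed string is built.
    static bool SecureEquals(SecureString a, SecureString b)
    {
        if (a.Length != b.Length) return false;
        return WithPlaintext(a, (pa, len) =>
            WithPlaintext(b, (pb, _) =>
            {
                int diff = 0;
                for (int i = 0; i < len; i++)
                    diff |= Marshal.ReadInt16(pa, i * 2) ^ Marshal.ReadInt16(pb, i * 2);
                return diff == 0;
            }));
    }

    static void Main()
    {
        // Constructed sample "expected" password; see the note on FromCharBuffer.
        char[] sample = { 'h', 'u', 'n', 't', 'e', 'r', '2' };
        using (SecureString expected = FromCharBuffer(sample))
        using (SecureString entered = ReadPasswordFromConsole())
        {
            Console.WriteLine(SecureEquals(entered, expected) ? "match" : "no match");
        }
    }
}
```

The `using` blocks dispose both SecureStrings as soon as they are no longer needed, which is the practical answer to the "for how long" question: the only plaintext copies are the unmanaged buffers inside `WithPlaintext`, and those are zeroed before the method returns. `StartProcessAs` is not called from `Main` because it needs a real Windows account; it is included to show that the SecureString can be passed through without ever being unwrapped in our code.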