Stack Overflow
Stack Overflow

Questions tagged [securestring]

Represents text that should be kept confidential. The text is encrypted for privacy when being used, and deleted from computer memory when no longer needed

SecureString object is similar to a String object in that it has a text value. However, the value of a SecureString object is automatically encrypted, can be modified until the application marks it as read-only, and can be deleted from computer memory by either the application or the .NET Framework garbage collector.

224 questions
367
votes
16 answers

Secure random token in Node.js

In this question Erik needs to generate a secure random token in Node.js. There's the method crypto.randomBytes that generates a random Buffer. However, the base64 encoding in node is not url-safe, it includes / and + instead of - and _. Therefore,…
Hubert OG
  • 19,314
  • 7
  • 45
  • 73
184
votes
15 answers

Convert String to SecureString

How to convert String to SecureString?
Developer404
  • 5,716
  • 16
  • 64
  • 102
125
votes
4 answers

Convert a secure string to plain text

I'm working in PowerShell and I have code that successfully converts a user entered password into plain text: $SecurePassword = Read-Host -AsSecureString "Enter password" | convertfrom-securestring | out-file…
tmarsh
  • 1,355
  • 2
  • 9
  • 4
56
votes
8 answers

Using SecureString

Can this be simplified to a one liner? Feel free to completely rewrite it as long as secureString gets initialized properly. SecureString secureString = new SecureString (); foreach (char c in "fizzbuzz".ToCharArray()) { secureString.AppendChar…
Todd Smith
  • 17,084
  • 11
  • 59
  • 78
51
votes
7 answers

How to convert a string to securestring explicitly

I want the text entered in the textbox to be converted to securestring in c#.
Indish Cholleti
  • 887
  • 3
  • 11
  • 21
46
votes
5 answers

Is there any benefit to using SecureString in ASP.NET?

If I understand correctly, this is for keeping plain text out of memory, so that the app is secure against esoteric attacks on memory, the garbage heap, or memory paged to disk. The SecureString is fed unmanaged bytes and consumed one unmanaged byte…
MatthewMartin
  • 32,326
  • 33
  • 105
  • 164
41
votes
5 answers

C# - compare two SecureStrings for equality

I have a WPF application with two PasswordBoxes, one for the password and another for the password to be entered a second time for confirmation purposes. I was wanting to use PasswordBox.SecurePassword to get the SecureString of the password, but I…
Sarah Vessels
  • 30,930
  • 33
  • 155
  • 222
38
votes
3 answers

How can I use powershell's read-host function to accept a password for an external service?

I have a script I'm writing that makes a connection to a SOAP service. After the connection is made, I need to pass in a the username/pass with every command I send. The problem I have is that when I use read-host to do this, my password is shown in…
EGr
  • 2,072
  • 10
  • 41
  • 61
37
votes
4 answers

How is SecureString "encrypted" and still usable?

According to MSDN SecureString contents is encrypted for additional safety so that if the program is swapped to disk the string contents can't be sniffed. How is such encryption possible I wonder? The algorithm would be fixed and therefore either…
sharptooth
  • 167,383
  • 100
  • 513
  • 979
34
votes
2 answers

How to use unsafe code in safe contex?

I need to use SecureString for a Microsoft's class and i found the following code on the internet: public static class SecureStringExt { public static SecureString ConvertToSecureString(this string password) { if (password == null) …
CodeArtist
  • 5,534
  • 8
  • 40
  • 65
28
votes
4 answers

Java equivalent of SecureString

I'm looking for Java's equivalent of .NET's SecureString.aspx. Is there such implementation available in 2018? OWASP implementation is not exactly the same because it's just a plain char array. While .NET equivalent provides additional features such…
Mikhail Kholodkov
  • 23,642
  • 17
  • 61
  • 78
27
votes
6 answers

C# SecureString Question

Is there any way to get the value of a SecureString without comprising security? For example, in the code below as soon as you do PtrToStringBSTR the string is no longer secure because strings are immutable and garbage collection is…
Taylor Leese
  • 51,004
  • 28
  • 112
  • 141
26
votes
2 answers

Safe use of SecureString for login form

So there's this class that seems very seldom used: SecureString. It's been around since 2.0 at least, and there are a few SO questions on it, but I thought I'd ask my own specific questions: I have a LoginForm; simple WinForms dialog with username…
KeithS
  • 70,210
  • 21
  • 112
  • 164
24
votes
4 answers

Hashing a SecureString in .NET

In .NET, we have the SecureString class, which is all very well until you come to try and use it, as to (for example) hash the string, you need the plaintext. I've had a go here at writing a function that will hash a SecureString, given a hash…
Mark Raymond
  • 906
  • 8
  • 22
23
votes
5 answers

Clear C# String from memory

I'm trying to clear the memory contents of a C# string for security reasons. I'm aware of the SecureString class, but unfortunately I cannot use SecureString instead of String in my application. The strings which need to be cleared are created…
raisyn
  • 4,514
  • 9
  • 36
  • 55
1
2 3
14 15