securestring

I'm trying to use Powershell (in order to be able to mask the password) to run Plink command on remote Linux machine to give top 20 directories under /opt... It connects, password is properly masked but no results Write-output shows the assembled command string is correct... but it just appears to hang and does not return results. could the it be that the write-output results is different than what plink actually sends? When I copy the write-output to cmd prompt and directly run it, it works (well it still requests the password a second time because of sudo, but it does work and returns the

I would like to use a SecureString varible within VB.NET and convert that to a SHA1 or SHA512 hash. How would I securely convert the SecureString to the Byte array that HashAlgorithm.ComputeHash will accept? What about that, if we avoid the only used String instance (output) and replace it with a character array. This would enable us to wipe this array after use: public static String SecureStringToMD5( SecureString password ) { int passwordLength = password.Length; char[] passwordChars = new char[passwordLength]; // Copy the password from SecureString to our char array IntPtr passwortPointer =

long time lurker here finally having a question that I'm not seeing. I am writing a c# console application in dotnet core and trying to allow a user to input a password, and am concerned about security, particularly memory dumping. Following: Password masking console application my understanding is that a password stored as a string variable could be exposed through a memory dump ( reference ). SecureString would normally be the way to go here but doesn't seem to be supported in dotnet core . I've tried to modify the code to use a char array, because my limited understanding is that it is not

I want to use a SecureString to hold a connection string for a database. But as soon as I set the SqlConnection object's ConnectionString property to the value of the securestring surely it will become visible to any other application that is able to read my application's memory? I have made the following assumptions: a) I am not able to instantiate a SqlConnection object outside of managed memory b) any string within managed memory can be read by an application such as Hawkeye Joe Your absolutely right the SecureString does not provide you with any benefit when you need to pass the string to

I have an existing SecureString that I would like to put into a PasswordBox without revealing the .Password . Can this be done? For example: tbPassword.SecurePassword = DecryptString(Properties.Settings.Default.proxyPassword); In this case DecryptString produces a SecureString. However, SecurePassword is a read-only property so I can't assign a value to it. You can't. However, what you can do is put placeholder text in it's place (it can even be "placeholder" , we are only using it to make a few dots to show up in the box). After you put the placeholder in, when you go to retrieve the "current

I've a function GetPassword , that returns a SecureString type. When I pass this secure string to Rfc2898DeriveBytes to generate a key, Visual Studio shows an error. My limited knowledge tells me that it is because Rfc2898DeriveBytes accepts only a string and not a secure string. Is there a workaround to this? //read the password from terminal Console.Write("Insert password"); securePwd = myCryptography.GetPassword(); //dont know why the salt is initialized like this byte[] salt = new byte[] { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0xF1, 0xF0, 0xEE, 0x21, 0x22, 0x45 }; try { //PBKDF2