securestring

This question already has an answer here: When would I need a SecureString in .NET? 11 answers So the .NET framework provides the SecureString class for storing strings in a secure fashion. But to read the information and work with it you have to return it to a standard string. See this implementation example . As you can see from the example using the pointer we return an unencrypted string. How to do we now manage that "insecure" instance of the string? What is the most secure way to work with the value once it has been set? Edit The purpose of this question was to discuss methods to REDUCE

I have a WPF application with two PasswordBoxes, one for the password and another for the password to be entered a second time for confirmation purposes. I was wanting to use PasswordBox.SecurePassword to get the SecureString of the password, but I need to be able to compare the contents of the two PasswordBoxes to ensure equality before I accept the password. However, two identical SecureStrings are not considered equal: var secString1 = new SecureString(); var secString2 = new SecureString(); foreach (char c in "testing") { secString1.AppendChar(c); secString2.AppendChar(c); } Assert

I have a module that includes some strings with some private data that should be hard to attain, but changes frequently. I need to put this script on a variety of machines where it might be accessed and the code read by someone who should not have the information used to derive the output. I'm really concerned about strings that change from time to time so I'm considering creating a script which prompts for those values as secure strings and encrypts them using a key and dumps them into an xml file. The XML file then is used to provide the strings. Anyone running a command from this module

I'm trying to clear the memory contents of a C# string for security reasons. I'm aware of the SecureString class, but unfortunately I cannot use SecureString instead of String in my application. The strings which need to be cleared are created dynamically at runtime (e.g. I'm not trying to clear string literals). Most search result I found basically stated that clearing the contents of a String is not possible (as string are immutable) and SecureString should be used. Therefore, I did come up with my own solution (using unsafe code) below. Testing shows that the solutions works, but I'm still

My application makes use of the RijndaelManaged class to encrypt data. As a part of this encryption, I use a SecureString object loaded with a password which get's get converted to a byte array and loaded into the RajindaelManaged object's Key at runtime. The question I have is the storage of this SecureString. A user entered password can be entered at run-time, and that can be "securely" loaded into a SecureString object, but if no user entered password is given, then I need to default to something. So ultimately the quesiton comes down to: If I have to have some known string or byte array to

So there's this class that seems very seldom used: SecureString . It's been around since 2.0 at least, and there are a few SO questions on it, but I thought I'd ask my own specific questions: I have a LoginForm; simple WinForms dialog with username and (masked) password fields. When the user enters both and clicks "Login", the information is passed to an injected authentication class that does a layer of key-stretching, then hashes half of the stretched key for verification while the other half is the symmetric key for the encrypted user account data. When all this is through, the loginForm is

I have a script I'm writing that makes a connection to a SOAP service. After the connection is made, I need to pass in a the username/pass with every command I send. The problem I have is that when I use read-host to do this, my password is shown in cleartext and remains in the shell: PS C:\Users\Egr> Read-Host "Enter Pass" Enter Pass: MyPassword MyPassword If I hide it with -AsSecureString, the value can no longer be passed to the service because it is now a System.Security.SecureString object: PS C:\Users\gross> Read-Host "Enter Pass" -AsSecureString Enter Pass: ********** System.Security

Can this be simplified to a one liner? Feel free to completely rewrite it as long as secureString gets initialized properly. SecureString secureString = new SecureString (); foreach (char c in "fizzbuzz".ToCharArray()) { secureString.AppendChar (c); } Sascha You could use Linq: "fizzbuzz".ToCharArray ().ToList ().ForEach ( p => secureString.AppendChar ( p ) ); Just use NetworkCredential. It has the conversion logic built-in. SecureString ss = new NetworkCredential("", "fizzbuzz").SecurePassword; As others have noted, all of these techniques strip the security benefits of SecureString, but in