I would like to use a SecureString varible within VB.NET and convert that to a SHA1 or SHA512 hash. How would I securely convert the SecureString to the Byte array that HashAlgorithm.ComputeHash will accept?
+1
A:
Typed it up in c# and converted to VB. Hopefully it still works!
Dim input As [Char]() = "Super Secret String".ToCharArray()
Dim secret As New SecureString()
For idx As Integer = 0 To input.Length - 1
secret.AppendChar(input(idx))
Next
SecurePassword.MakeReadOnly()
Dim pBStr As IntPtr = Marshal.SecureStringToBSTR(secret)
Dim output As String = Marshal.PtrToStringBSTR(pBStr)
Marshal.FreeBSTR(pBStr)
Dim sha As SHA512 = New SHA512Managed()
Dim result As Byte() = sha.ComputeHash(Encoding.UTF8.GetBytes(output))
Joe
2009-10-07 04:51:57
Why you converted it? Do you have it in C#?
backslash17
2009-10-07 05:11:31
I converted it because Luke asked for it in VB.net. If you need it in c# try running it though this converter http://www.developerfusion.com/tools/convert/vb-to-csharp/
Joe
2009-10-07 05:23:23
Thank you Joe !
Luke
2009-10-07 05:36:09
I do have a questions though. Would Dim output As String = Marshal.PtrToStringBSTR(pBStr) expose the string and the whole point of SecureString?
Luke
2009-10-07 05:43:10
yes. if you want to get the bytes to hash out of the SecureString then you will need access to the data inside. What are you trying to do that requires hashing a SecureString?
Joe
2009-10-07 15:42:22