One of the feature requests I've got for the program I'm working on is to be able to save the list of credentials users enter in, so they can be shared around. The specific use case that inspired this request was using our program on a large corporate network, made up of fairly good LANs connected by a flaky WAN. The idea was that, inste...
In the small application that I'm currently developing for a customer I need to ask the user for his windows login username, password and domain and then use those with System.Diagnostics.Process.Start to start an application. I have a textbox with UseSystemPasswordChar to mask the entered password. I need a System.Security.SecureStri...
So the .NET framework provides the SecureString class for storing strings in a secure fashion. But to read the information and work with it you have to return it to a standard string. See this implementation example. As you can see from the example using the pointer we return an unencrypted string. How to do we now manage that "insec...
I am wanting to try to tie the CryptUnprotectData windows API function and the .net SecureString together the best way possible. CryptUnprotectData returns a DATA_BLOB structure consisting of an array of bytes and a byte length. In my program this will be a Unicode UTF-16 string. SecureString has a constructor which takes a char* and ...
Hi guys, I have begun building a secure string type - which i call SecureStringV2 - to extend the existing SecureString type in the .Net framework. This new type is going to add some basic functionality (checking for equality, comparing etc) to the existing type but still maintain the security provided by the SecureString type, that is ...
I am developing a Remoting application where a client looks up store specific information to login to a web server. It sets the user name and passwords in a class that stores the properties as System.Security.SecureString. I then try to pass the class with the login credentials to a server object that uses it to connect to the web host, ...
I would like to create a variable, a secure one, that is more or less a CONST to use in my code. I've looked into using System.Security.SecureString, and that looks like it could be the ticket as I don't want the user to find out this password. The only problem comes with initializing it. In most cases, it looks like the SecureString ...
I would like to use a SecureString varible within VB.NET and convert that to a SHA1 or SHA512 hash. How would I securely convert the SecureString to the Byte array that HashAlgorithm.ComputeHash will accept? ...
I've always felt like SecureString was a little odd, but assumed most of my issues with it were due to security problems I don't understand. Today I decided to sit down and teach myself about it, but I've hit what seems like a fatal snag. The scenario I envision is "user enters password into text box, that password is hashed and compar...
Is there any way to get the value of a SecureString without comprising security? For example, in the code below as soon as you do PtrToStringBSTR the string is no longer secure because strings are immutable and garbage collection is non-deterministic for strings. IntPtr ptr = Marshal.SecureStringToBSTR(SecureString object); string valu...
Hi, I want to use a SecureString to hold a connection string for a database. But as soon as I set the SqlConnection object's ConnectionString property to the value of the securestring surely it will become visible to any other application that is able to read my application's memory? I have made the following assumptions: a) I am not ...
Can this be simplified to a one liner? Feel free to completely rewrite it as long as secureString gets initialized properly. SecureString secureString = new SecureString (); foreach (char c in "fizzbuzz".ToCharArray()) { secureString.AppendChar (c); } ...
Alright, so I tried to make my users info super secure by adding '" . sha1($_POST['password']) . "' when inserting their password when they register. THAT WORKS great, looking at the database, I have no clue what their password is. Now the problem is logging in. I'm running some tests and when I try to log in, the password 12345 doesn't...
My application makes use of the RijndaelManaged class to encrypt data. As a part of this encryption, I use a SecureString object loaded with a password which get's get converted to a byte array and loaded into the RajindaelManaged object's Key at runtime. The question I have is the storage of this SecureString. A user entered password...
I've been looking into using the System.Security.SecureString class to hold credit card numbers in memory while they are being processed. Has anyone used the SecureString class for holding credit card numbers, or do most just use the normal System.String class? ...
I know there is the SecureString class, but for most scenarios I don't think it's really useful. For example, let's say I have a client/server system. The server doesn't need an application made by me, it could be even SQL Server without integrated authentication. When the user enters his password on a form in the client app, it's store...