Re: Destroy a string
- From: rossum <rossum48@xxxxxxxxxxxx>
- Date: Thu, 04 Jan 2007 12:17:19 +0000
On Thu, 4 Jan 2007 01:43:31 +0100, "Willy Denoyette [MVP]"
<willy.denoyette@xxxxxxxxxx> wrote:
"rossum" <rossum48@xxxxxxxxxxxx> wrote in message
news:dhhop29evnktodbpniotoujsobi5ft7imh@xxxxxxxxxx
On Wed, 3 Jan 2007 16:13:58 -0600, "Ben Voigt" <rbv@xxxxxxxxxxxxx>
wrote:
There may also be a copy on disk in swapspace, on automatic backups
"rossum" <rossum48@xxxxxxxxxxxx> wrote in message
news:c49op25un1a4lho1isikia8nvuueog06co@xxxxxxxxxx
On 3 Jan 2007 06:11:00 -0800, "Mark C" <MarkJohnCrosbie@xxxxxxxxx>
wrote:
I know a string is immutable, but is there any trick or any other wayNot so much destroy the string as overwrite it:
to destroy a string
Thanks
www.quiznetonline.com
/// <summary>
/// Overwrites a string in-situ. Useful for removing
/// evidence of keys, passwords etc.
/// </summary>
/// <param name="text">The string to overwrite.</param>
public static unsafe void OverwriteString(string text) {
const char overwriteChar = 'X';
fixed (char* cp = text) {
for (int i = 0; i < text.Length; ++i) {
cp[i] = overwriteChar;
} // end for
} // end fixed
} // end OverwriteString()
The string is still on the heap, but the sensitive information it
contained is no longer there.
The current location of the buffer is wiped, but if the string survived a
generation, the garbage collector has made copies :(
and written on a post-it under the keyboard. It is not possible to be
completely secure, all that is possible is to make the attacker's job
more difficult.
rossum
That's why the SecureString was invented, it get's allocated in a non swappable fixed
portion of the process heap, it's contents get's encrypted and it' doesn't need the GC to
get wiped-out.
Willy.
The problems I have with SecureString are firstly that I cannot use it
directly, very few .NET methods accept SecureString as a parameter. I
have to take my sensitive data out of the secure string and transfer
it to something insecure, such as a string or a byte array, before I
can do anything useful with it. For example, none of the various
GetBytes() methods takes a SecureString as a parameter, I have to
write my own function to do this. I don't want to have to rewrite all
the .NET methods that can take a string as a parameter just so I can
have a SecureString as a parameter.
Secondly, I understand that SecureString is either uncertain, or not
present, in .NET 3, so I am reluctant to use something that I am just
going to have to rewrite when I come to upgrade.
SecureString is fine for storing something during the life of a
program, but it is not practical for anything other than pure storage.
In order to use it I have to put the secure data into other
non-encrypted containers. Hence the need to wipe those containers
when I am finished with them. I can wipe a byte array easily enough.
With a string I need to drop into unsafe code to do the wiping.
rossum
.
- Follow-Ups:
- Re: Destroy a string
- From: Willy Denoyette [MVP]
- Re: Destroy a string
- From: Jon Skeet [C# MVP]
- Re: Destroy a string
- References:
- Destroy a string
- From: Mark C
- Re: Destroy a string
- From: rossum
- Re: Destroy a string
- From: Ben Voigt
- Re: Destroy a string
- From: rossum
- Re: Destroy a string
- From: Willy Denoyette [MVP]
- Destroy a string
- Prev by Date: Re: csv read write
- Next by Date: Getting updated string from unmanaged DLL
- Previous by thread: Re: Destroy a string
- Next by thread: Re: Destroy a string
- Index(es):
Relevant Pages
|
