Re: Best practice SecureString and pswd collection



Hello,

my implementation is a CommonDialog, which can be dragged on a form and
invoked easily...

Greetings,
Henning Krause

"Mitch Gallant" <jensigner@xxxxxxxxxxxxxxxx> wrote in message
news:epVpt$AVGHA.328@xxxxxxxxxxxxxxxxxxxxxxx
Hi Henning,

Yup .. I'm already aware of pinvoking like that ..
looked at 2 references herein:

http://groups.google.com/group/microsoft.public.dotnet.languages.csharp/browse_thread/thread/156736d67df0b2e9/7d58cd0be12e5d4c

But there should obviously be a managed simplified wrapper fn which
simplifies this procedure. Should be a nice simple .net implementation
to prompt a user for providing a pswd which securely manages the memory of
the string and returns a SecureString to be used by (granted few)
functions that accept a SecureString arg.

Cheers,
- Mitch Gallant

"Henning Krause [MVP]" <newsgroups.remove@xxxxxxxxxxxxxxxxx> wrote in
message news:OK%232%23rAVGHA.328@xxxxxxxxxxxxxxxxxxxxxxx
Hello,

you can use the CredUIPromptForCredential function.

If you google for this, you will find plenty of implementations. I've one
on my website, too :-)

http://www.infinitec.de/software/nettoolbox/infinitec.security.aspx

Greetings,
Henning Krause

"Mitch Gallant" <jensigner@xxxxxxxxxxxxxxxx> wrote in message
news:u4kfYDAVGHA.1868@xxxxxxxxxxxxxxxxxxxxxxx
Using .NET 2 managed code only, what is the best that
can be done security-wise in collecting a password from
the user (as console or some pswd control dialog) and
passing to a function (like X509Certificate.Import)
which can accept a SecureString?

What about pinvoking to access a secure password dialog
input? Going out of managed code, but does this remove
immutable string input ?

- Mitch
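
A managed-only console version of the collection step asked about above, as an added example that is not code from any of the posts: each keystroke is appended straight to a SecureString, so the password never exists as an immutable System.String. The helper name `ReadPassword` and the PFX path taken from `args[0]` are assumptions made for illustration.

```csharp
using System;
using System.Security;
using System.Security.Cryptography.X509Certificates;

static class PasswordPrompt
{
    // Hypothetical helper (not from the thread): reads keystrokes without echo
    // and appends each char to a SecureString. Each char still passes briefly
    // through a ConsoleKeyInfo value, but no string object is ever built.
    public static SecureString ReadPassword(string prompt)
    {
        Console.Write(prompt);
        SecureString password = new SecureString();
        try
        {
            while (true)
            {
                ConsoleKeyInfo key = Console.ReadKey(true); // true = do not echo
                if (key.Key == ConsoleKey.Enter) break;
                if (key.Key == ConsoleKey.Backspace)
                {
                    if (password.Length > 0)
                    {
                        password.RemoveAt(password.Length - 1);
                        Console.Write("\b \b"); // erase the last mask character
                    }
                    continue;
                }
                if (char.IsControl(key.KeyChar)) continue; // arrows, Esc, F-keys
                password.AppendChar(key.KeyChar);
                Console.Write('*');
            }
            Console.WriteLine();
            password.MakeReadOnly(); // callers can read it but not modify it
            return password;
        }
        catch { password.Dispose(); throw; } // wipe the buffer on failure
    }

    static void Main(string[] args)
    {
        // args[0]: path to a PFX file supplied by the caller (assumption).
        using (SecureString pswd = ReadPassword("PFX password: "))
        {
            X509Certificate2 cert = new X509Certificate2();
            cert.Import(args[0], pswd, X509KeyStorageFlags.DefaultKeySet);
            Console.WriteLine(cert.Subject);
        }   // Dispose() zeroes the SecureString's protected buffer here
    }
}
```

Console.ReadKey throws InvalidOperationException when standard input is redirected, so this only works on an interactive console.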







