Re: Secure Credential's pwd handling



I completely respect your desire to try to make sure you do the best you can
in terms of securing this information. As you've seen, you still need to
transition to a plaintext representation to feed into the NetworkCredentials
object, so at some point the value will be in memory. There isn't that much
that you can do to prevent that.

If you need to store the password for multiple operations, you might
consider storing it in a SecureString and then converting it back to string
just when you need it, but it isn't clear that doing so will provide you
with a significant amount of protection. It is probably better than doing
nothing though.

SecureString is added to .NET to support this use case. The main problem
with it is that so many APIs from the previous version of .NET don't use it
and they have to continue to exist for backwards compatibility, so the
solution you get is incomplete. There isn't too much you can do about this
though.

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"Paolo Pagano" <ppagano@xxxxxxxxxxxxxx> wrote in message
news:eyK%23Bnl6HHA.4476@xxxxxxxxxxxxxxxxxxxxxxx
Starting from UI 'asterisk-covered password' TextBoxes I read things like:
"...there are some serious flaws in the methods that Windows operating
systems protect this information..." (memory lookup by malicious code?
resident spy utilities?)

further: managed environment (GC delayed runs, moved/copied objects),
read/write of processes memory pages to disk, etc. are all things
considered not 100% secure...

I honestly don't know if these are real threats, just asking myself
"I'm asking the user for network credentials: am I coding a security hole
in my .NET application? What's the best I can do?".

To conclude: why "SecureString" if keeping strings in my managed process
memory is secure enough?
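
The pattern described in the reply above (keep the password in a SecureString and convert it to a plaintext string only when building the credential), as an added C# example that is not part of the original thread. The CredentialHelper class, its method names and the sample values are hypothetical.

```csharp
using System;
using System.Net;
using System.Runtime.InteropServices;
using System.Security;

static class CredentialHelper   // hypothetical helper class, not a framework type
{
    // Copies typed characters into a SecureString one at a time, then wipes
    // the caller's buffer so no second plaintext copy is left behind.
    public static SecureString ToSecureString(char[] typed)
    {
        var secure = new SecureString();
        foreach (char c in typed) secure.AppendChar(c);
        Array.Clear(typed, 0, typed.Length);
        secure.MakeReadOnly();
        return secure;
    }

    // Decrypts into unmanaged memory, builds the plaintext string that this
    // NetworkCredential constructor requires, then zeroes the unmanaged copy.
    public static NetworkCredential ToNetworkCredential(
        string user, SecureString password, string domain)
    {
        IntPtr plain = IntPtr.Zero;
        try
        {
            plain = Marshal.SecureStringToGlobalAllocUnicode(password);
            // The managed string created here is the unavoidable plaintext
            // copy: it cannot be zeroed and lives until the GC reclaims it.
            return new NetworkCredential(user, Marshal.PtrToStringUni(plain), domain);
        }
        finally
        {
            if (plain != IntPtr.Zero) Marshal.ZeroFreeGlobalAllocUnicode(plain);
        }
    }

    static void Main()
    {
        // Constructed sample input standing in for characters read from the UI.
        using (SecureString pwd = ToSecureString("example-only".ToCharArray()))
        {
            NetworkCredential cred = ToNetworkCredential("alice", pwd, "EXAMPLE");
            Console.WriteLine(cred.UserName + "@" + cred.Domain);
        }
    }
}
```

The conversion narrows how long the plaintext exists but does not remove it, which is the limit the reply describes. From .NET Framework 4.0 onward, NetworkCredential also has a constructor that accepts a SecureString directly.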


