Re: How to convert a SecureString into an encrypted String in a secure manner?



This may or may not be a good way to do this. It depends a lot on whether
you use a single symmetric key or multiple different keys, how you store the
keys and what you plan to do about a real random IV. It also depends a bit
on the algorithm used and the key length. It also depends on what the
threat models are.

If you are really concerned about what would happen if someone was able to
get the encrypted data and wanted to recover your passwords, you would
probably want to improve this. For example, if you use a single symmetric
key, recovery of that key will provide access to all of the passwords. If
you don't use a random IV, duplicate passwords will produce duplicate cipher
text which increases vulnerability. It also makes the cipher text more
generally vulnerable to brute force attacks that could compromise the key.

In general, it is better to avoid storing encrypted passwords and store
hashes instead, but I'm guessing your system requires you to recover the
plaintext password, so you probably don't have a choice but to encrypt them.
You can probably make this significantly more secure though.

SQL Server 2005 has some built in ability to encrypt stored data, so it
might not be a bad idea to look into those features and try to leverage the
platform. I don't know much about how it works though.

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
<spam@xxxxxxxxxxxxxxxx> wrote in message
news:1188297357.314678.296800@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
I'm designing a system for Windows initiated Single Sign-On against
RACF.

I keep my RACF-passwords in fields of the new .net 2.0 type
System.Security.SecureString. I need to store these passwords in a SQL
Server 2005 database between user sessions. Hence, I need to convert
the SecureString into an encrypted string.

I could of course convert the SecureString into a string before
encryption, but this would compromise the security of the system.

My suggestion is to read the bytes of the SecureString byte by byte,
writing each byte directly into a CryptoStream like this:

using System;
using System.IO;
using System.Runtime.InteropServices;
using System.Security;
using System.Security.Cryptography;

// GetCryptoAlg() is the poster's own helper (not shown here) that returns
// the configured SymmetricAlgorithm with its key and IV already set.
private static string SecurePassword2EncryptedPassword(SecureString
password)
{
    SymmetricAlgorithm cryptoAlg = GetCryptoAlg();

    using (ICryptoTransform encryptor = cryptoAlg.CreateEncryptor())
    using (MemoryStream outStream = new MemoryStream())
    using (CryptoStream encryptStream = new CryptoStream(outStream,
               encryptor, CryptoStreamMode.Write))
    {
        // Unmanaged copy of the password; zeroed and freed in the finally block.
        IntPtr bstr = Marshal.SecureStringToBSTR(password);

        try
        {
            byte b;
            // The BSTR holds UTF-16 code units (2 bytes per character). Only
            // the low byte of each unit is written, so this is lossless only
            // for passwords whose characters fit in a single byte (e.g. ASCII).
            for (int offset = 0; offset < password.Length * 2;
                offset = offset + 2)
            {
                b = Marshal.ReadByte(bstr, offset);
                encryptStream.WriteByte(b);
            }
            b = 0; // best-effort scrub of the last plaintext byte held in a local

            encryptStream.FlushFinalBlock();
        }
        finally
        {
            Marshal.ZeroFreeBSTR(bstr); // zero and free the unmanaged copy
        }

        return Convert.ToBase64String(outStream.ToArray());
    }
}

Is my way the secure way to convert a SecureString into an encrypted
string? Or should I do something else?

Best regards

Michael Brandt Lassen
3F, Denmark
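The points raised in the reply above (a random IV per stored password so that equal passwords do not yield equal cipher text, and never materialising the password as a managed System.String) can be put together as follows. This is an added example written for this page; it is not code from the original post or from the reply. It copies the full UTF-16 content of the SecureString out of the unmanaged BSTR into a byte array, encrypts it with AES-CBC under a fresh random IV, stores the IV in front of the cipher text, and scrubs every plaintext buffer afterwards. RijndaelManaged is used because the thread is about .NET 2.0 (Aes.Create() is the same thing on 3.5 and later). The key handling is an assumption: the key generated in Main() is a constructed sample for the demo only; a real deployment would fetch it from DPAPI, a key store or an HSM.

```csharp
using System;
using System.IO;
using System.Runtime.InteropServices;
using System.Security;
using System.Security.Cryptography;

// Added example, not code from the original post. Demonstrates:
//  - copying SecureString contents straight from the unmanaged BSTR into a
//    byte[] (no managed System.String is ever created),
//  - a fresh random IV per record, stored in front of the cipher text,
//  - scrubbing every plaintext buffer once it has been used.
// Key handling is an assumption (see Main); a real system loads the key
// from DPAPI, a key store or an HSM.
static class SecureStringCrypto
{
    // Copies the raw UTF-16LE code units of a SecureString into a byte[].
    // The caller must Array.Clear the result when finished with it.
    static byte[] ToUtf16Bytes(SecureString s)
    {
        IntPtr bstr = Marshal.SecureStringToBSTR(s);
        try
        {
            byte[] buf = new byte[s.Length * 2];
            Marshal.Copy(bstr, buf, 0, buf.Length);
            return buf;
        }
        finally
        {
            Marshal.ZeroFreeBSTR(bstr); // zero and free the unmanaged copy
        }
    }

    // Rebuilds a SecureString from UTF-16LE bytes and clears the input buffer.
    static SecureString FromUtf16Bytes(byte[] buf)
    {
        SecureString s = new SecureString();
        try
        {
            for (int i = 0; i + 1 < buf.Length; i += 2)
                s.AppendChar((char)(buf[i] | (buf[i + 1] << 8)));
            s.MakeReadOnly();
            return s;
        }
        finally
        {
            Array.Clear(buf, 0, buf.Length);
        }
    }

    // Output layout: Base64( IV || AES-CBC-PKCS7(plaintext) ).
    // A new IV on every call means equal passwords give unequal cipher text.
    public static string Encrypt(SecureString password, byte[] key)
    {
        byte[] plain = ToUtf16Bytes(password);
        try
        {
            using (RijndaelManaged aes = new RijndaelManaged()) // 128-bit block: this is AES
            using (MemoryStream ms = new MemoryStream())
            {
                aes.Key = key;
                aes.GenerateIV();                       // random IV from the CSP RNG
                ms.Write(aes.IV, 0, aes.IV.Length);     // IV is not secret; keep it with the data
                using (CryptoStream cs = new CryptoStream(ms, aes.CreateEncryptor(), CryptoStreamMode.Write))
                {
                    cs.Write(plain, 0, plain.Length);
                    cs.FlushFinalBlock();
                }
                return Convert.ToBase64String(ms.ToArray());
            }
        }
        finally
        {
            Array.Clear(plain, 0, plain.Length);        // scrub the managed plaintext copy
        }
    }

    public static SecureString Decrypt(string base64, byte[] key)
    {
        byte[] blob = Convert.FromBase64String(base64);
        using (RijndaelManaged aes = new RijndaelManaged())
        {
            aes.Key = key;
            byte[] iv = new byte[aes.BlockSize / 8];
            Array.Copy(blob, 0, iv, 0, iv.Length);      // first block is the stored IV
            aes.IV = iv;
            using (ICryptoTransform dec = aes.CreateDecryptor())
            {
                // TransformFinalBlock returns the whole unpadded plaintext in one call
                byte[] plain = dec.TransformFinalBlock(blob, iv.Length, blob.Length - iv.Length);
                return FromUtf16Bytes(plain);           // also clears 'plain'
            }
        }
    }

    static void Main()
    {
        byte[] key = new byte[32];                      // constructed demo key (AES-256); see lead-in
        new RNGCryptoServiceProvider().GetBytes(key);

        SecureString pw = new SecureString();
        foreach (char c in "RACF-s3cret") pw.AppendChar(c); // constructed sample password
        pw.MakeReadOnly();

        string c1 = Encrypt(pw, key);
        string c2 = Encrypt(pw, key);
        Console.WriteLine("same password, different cipher text: " + (c1 != c2));

        using (SecureString back = Decrypt(c1, key))
            Console.WriteLine("round-trip length matches: " + (back.Length == pw.Length));
    }
}
```

Two caveats a practitioner would add. CBC on its own gives no integrity: anyone who can alter the stored blob can flip bits in the recovered password undetected, so add an HMAC over IV plus cipher text (or use an authenticated mode such as AES-GCM where the runtime offers it). And the managed byte[] holding the plaintext can be moved or copied by the garbage collector before Array.Clear runs; if that matters in the threat model, pin it with GCHandle.Alloc(buf, GCHandleType.Pinned) for its lifetime.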


