[Warning this is not new stuff - but shouldn't be overlooked if you need to secure sensitive data in your application]
Isn’t “Secure String” an oxymoron for .Net? So if we are thinking about securing some sensitive data in say C or C++
its relatively simple load it into a char array memory and encrypt it, wiping the memory out after the information has been loaded.
Now try that with .Net! From the Microsoft site:
“A String is called immutable because its value cannot be modified once it has been created.“
So how can you destroy one? Set it to empty? Well simply put you can’t :-) . Once your string is not longer referenced,
or worse yet your object containing the string its time for the Garbage Collector to come and do its work. The problem
is if your object has been around long enough to get into Generation 1 or 2 then it is going to take a bit longer.
Hmmm so in translation if you keep a password, Credit Card, encryption key or some other sensitive text in memory as
a string you cant destroy it (think memset for us oldies!). Only the GC can free the memory for you, and you are
dependent on HOW it frees that memory. I personally don’t know for a fact if it memsets it to blank, or just dereferences
the pointer. However I would be willing to bet it is the option that requires the least amount of work and that doesn’t
bode well for controlling the exposure of our sensitive data.
发表于 2010-11-21 01:33
