Monday, April 18, 2005

SecureString in Whidbey 2005

Enter Password: ********** .What if the password you’ve kept alive till the transaction is not garbage collected?
Enter Credit Card Number: 54XX-XXXX-XXX-XXXX. Are you sure enough that, your own encrypting algorithm will clean up memory, after the credit card info is validated?
Enter your SSN Number; Enter your Account Number, the list seems unending.

Assigning sensitive data to string is more common development strategy. String class in .NET flexible and is immutable. Immutable in the sense, once the instance of string variable is created, it is read-only, and it is not possible to predict when that instance is garbage collected. Having no control over finalization, makes us to think twice while assigning a password to string variable.

There is a new class available in .NET 2005, “SecureString”. In this entry, I will evaluate some of the features of securing your secure info, leveraging new SecureString class.

A SecureString object is same as String object. Both can hold text values. SecureString is available in System.Security name space. SecureString represents that the text should be encrypted. It represents text that should be kept confidential and is encrypted for privacy when being used, and deleted from computer memory when no longer needed. That is, it guarantees that data should be deleted from computer memory, after use. (No more waiting till GC cleans!!!). That is SecureString has deterministic destruction(will have its destruction well defined) after usage. SecureString can encrypt/decrypt data on its own, and uses windows well defined and proven encryption/decryption methods. When we assign a password to secure string, the data is encrypted, and when we retrieve, it is decrypted. The value of an SecureString instance is automatically encrypted when the instance is initialized or modified.
The value of an instance of SecureString is automatically encrypted when the instance is initialized or when the value is modified. Your code can render the instance immutable and prevent further modification by invoking the MakeReadOnly method.
SecureString has no members that inspect, compare, or convert the value of a SecureString. The absence of such members helps protect the value of the instance from accidental or malicious exposure.


Post a Comment

<< Home