如何SecureString的"加密"仍然可以使用吗? [英] How is SecureString "encrypted" and still usable?
问题描述
根据MSDN SecureString的内容的加密额外的安全性,因此,如果该方案被交换到磁盘的字符串的内容不能被嗅探。
According to MSDN SecureString contents is encrypted for additional safety so that if the program is swapped to disk the string contents can't be sniffed.
如何为这种加密可能不知道?该算法将被固定,因此,无论是公知的或扣除(说七个工业上广泛使用的算法的一个)和必须有在程序的某处的一个关键。这样攻击者就可以取加密的字符串,获取密钥和解密数据。
How is such encryption possible I wonder? The algorithm would be fixed and therefore either well-known or deductible (say one of seven widely used in industry algorithms) and there must be a key somewhere in the program. So the attacker could fetch the encrypted string, fetch the key and decrypt the data.
试问,这样的加密是有用的?
How can such encryption be useful?
推荐答案
我是从有关的 DPAPI 的被用于导出密钥。这应该回答您有关于SecureString的大多数问题。
I'm quoting from an article about the DPAPI which is used to derive the key. This should answer most questions that you have about SecureString.
是的,SecureString的也有缺点,而不是完全安全的,有办法对数据的访问,例如,注射的鹰眼的进入被提及MSDN上,以此来提取SecureString的过程。我没有亲自verifed这个assertation。
And yes, SecureString has drawbacks and is not completely secure, there are ways to access to data, for example, injecting Hawkeye into the process is mentioned on MSDN as a way to extract the SecureString. I have not personally verifed this assertation.
DAPI是一个基于对称加密技术中,这意味着它使用相同的密钥来加密和解密数据。在开始讨论之前对如何利用DAPI是值得覆盖DAPI如何管理其关键的一些例子。在大多数情况下DAPI关键管理流程invisble和你一般不必担心,这是最主要的原因DAPI是一个不错的办法。
DAPI is a symmetric based encryption technique, which means it uses the same key to both encrypt and decrypt data. Before getting to some examples of how to use DAPI it's worth covering how DAPI manages its key. For the most part DAPI key management process is invisble and you generally don't need to worry about it, which is the main reason why DAPI is a good approach.
在介绍我写道,主密钥是从用户的登录口令生成。这是不完整的画面。而实际上,Windows使用用户的登录口令生成主密钥。这个主密钥使用用户的密码保护,并且然后连同用户的配置文件存储。这个主密钥然后被用于导出一个数其他密钥和它的,用于保护数据这些其他键。
In the introduction I wrote that the master key is generated from the user's login password. This isn't the complete picture. What actually happens is Windows uses the user's login password to generate a master key. This master key is protected using the user's password and then stored along with the user's profile. This master key then gets used to derive a number of other keys and it's these other keys that are used to protect the data.
之所以Windows不会这是它允许应用程序添加附加信息,称为熵,以生成所述individul密钥的过程。你看,如果用户的登录帐户下运行的每一个应用程序中使用相同的密钥,然后每一个应用程序可以取消保护DAPI保护的数据。有时你可能希望应用程序能够共享DAPI保护的数据;不过,有时你会不会。通过使应用有助于熵到一个密钥的产生则该密钥成为特定应用和由该应用程序保护的任何数据只能被保护再次,如果他们知道该熵。
The reason why Windows does this is it allows applications to add additional information, called entropy, to the process of generating the individul keys. You see if every application running under the user's login account used the same key then every application could unprotect DAPI protected data. Sometimes you might want applications to be able to share DAPI protected data; however, sometimes you won't. By letting the application contribute entropy to the generation of a key then that key becomes application specific and any data that is protected by that application can only be unprotected again if they know the entropy.
虽然生成主键,然后使用该主密钥生成其他的键来完成实际的加密,似乎是一个长篇大论的办法是有一个主要的优势。由于在用户密码保护的主密钥和用于保护它意味着当用户改变他们的密码,然后仅主密钥需要被再保护的数据的实际的键之间的抽象的附加水平;没有任何保护的数据的需要重新保护。由于主密钥是在尺寸比则显著性能节约由数据小得多。
Although generating a master key, and then using that master key to generate other keys to do the actual encryption, might seem like a long winded approach it does have one major advantage. Since there is an additional level of abstraction between the user password protected master key and the actual keys used to protect the data it means that when the user changes their password then only the master key need to be re-protected; none of the protected data needs to be re-protected. Since the master key is much smaller in size than the data then a significant performance saving is made.
当用户的密码更改的话当然会生成一个新的主密钥。这个新的主密钥然后用于生成新的个体密钥。然而,由于所有的previously生成单独的按键均来自旧的主密钥,然后Windows需要存储所有previous主密钥,它确实。窗户永远不会忘记一个主密钥和所有受保护的数据上都标有一个GUID,指示该主密钥是用来保护数据。所以在适应性DAPI而言是能够应付改变用户的密码,同时确保一个),该保护的数据并不需要重新保护的,以及b)用于$ P $将键pviously保护数据仍然可用和C)这一切都是自动为你。
When the user's password changes then of course a new master key is generated. This new master key is then used to generate new individual keys. However, since all the previously generated individual keys were derived from the old master key then Windows needs to store all previous master keys, which it does. Windows never forgets a master key and all protected data is marked with a GUID that indicates which master key was used to protect the data. So in terms of adaptability DAPI is able to cope with changes to users' passwords, while ensuring a) that protected data doesn't need to be re-protected, and b) that keys used to previously protect data as still available, and c) it does all this automatically for you.
除非计算机是域的成员,DAPI只能所使用的同一台机器上不受保护的数据来保护它。
Unless the computer is a member of a domain DAPI can only unprotected data on the same machine that was used to protect it.
除了允许用户级别的保护,在主密钥基于用户密码和保护的一个用户的数据不能被其他用户不受保护,DAPI还提供了计算机级别的保护,在该主密钥是基于特定机器信息。机级的主密钥允许应用程序存储的受保护数据,以便它可以被保护的应用程序的所有用户。在已描述的方法,唯一的区别是主密钥从机的特定信息不是用户指定信息生成的。
As well as allowing user level protection, in that master keys are based on user passwords and protected data for one user cannot be unprotected by another user, DAPI also provides machine level protection, in that the master keys are based on machine specific information. Machine level master keys allow applications to store protected data so that it can be unprotected by all users of the application. The only difference in the process already described is the master key is generated from machine specific information not user specific information.
这篇关于如何SecureString的"加密"仍然可以使用吗?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
