Using Secure String and Keeping it Secure


Question

So the .NET framework provides the SecureString class for storing strings in a secure fashion. But to read the information and work with it you have to return it to a standard string. See this implementation example.

As you can see from the example using the pointer, we return an unencrypted string. How do we now manage that "insecure" instance of the string? What is the most secure way to work with the value once it has been set?

Edit

The purpose of this question was to discuss methods to REDUCE the surface area of potential attack when using SecureStrings and then working with the values. Not the "why" as to the "duplicate" link.

Accepted answer

In placing the contents of a SecureString back into a String, you reintroduce the problems of using strings that are listed out here:

http://blogs.msdn.com/shawnfa/archive/2004/05/27/143254.aspx

With SecureString, there are options that are provided to marshal the contents into unmanaged memory so you can access the data and then dispose of the data when done with it.

These are options you just don't have with managed code. In working with unmanaged bytes, you can zero out the memory, make sure it's not paged to disk, etc., which is exactly what you want to do to reduce the attack surface here.

The key here is to not make another instance of String and to work with the data in a way where security is easier to manage when dealing with this data (which unfortunately, is unmanaged code right now).
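The two patterns the question and answer contrast, as an added C# illustration that is not code from the original post or answer: `Insecure` decrypts into a managed string the way the question's example does, while `SecureEquals` does its work (a constant-time comparison) directly on the unmanaged buffer and then zeroes and frees it, so no managed copy is ever created. The sample value and the method names are constructed for this example.

```csharp
using System;
using System.Runtime.InteropServices;
using System.Security;

// Added illustration of the pattern the answer describes; not code from the
// original question or answer.
static class SecureStringDemo
{
    // Builds a SecureString from a constructed sample value; in real code the
    // characters would be appended one at a time from the input source.
    static SecureString BuildSample(string sample)
    {
        var secure = new SecureString();
        foreach (char c in sample) secure.AppendChar(c);
        secure.MakeReadOnly();
        return secure;
    }

    // What the question does: decrypt into a managed string. The copy is
    // immutable, cannot be zeroed and lives until the GC reclaims it.
    static string Insecure(SecureString secure)
    {
        IntPtr p = Marshal.SecureStringToGlobalAllocUnicode(secure);
        try { return Marshal.PtrToStringUni(p); }
        finally { Marshal.ZeroFreeGlobalAllocUnicode(p); }
    }

    // What the answer recommends: work on the unmanaged buffer, then zero and
    // free it. The "work" here is a constant-time comparison of two secrets.
    static bool SecureEquals(SecureString a, SecureString b)
    {
        if (a.Length != b.Length) return false;
        IntPtr pa = IntPtr.Zero, pb = IntPtr.Zero;
        try
        {
            pa = Marshal.SecureStringToGlobalAllocUnicode(a);
            pb = Marshal.SecureStringToGlobalAllocUnicode(b);
            int diff = 0;
            for (int i = 0; i < a.Length; i++)   // UTF-16: 2 bytes per char
                diff |= Marshal.ReadInt16(pa, 2 * i) ^ Marshal.ReadInt16(pb, 2 * i);
            return diff == 0;
        }
        finally
        {
            // Zeroes the plaintext bytes before freeing; no managed copy was made.
            if (pa != IntPtr.Zero) Marshal.ZeroFreeGlobalAllocUnicode(pa);
            if (pb != IntPtr.Zero) Marshal.ZeroFreeGlobalAllocUnicode(pb);
        }
    }
}
```

Calling `SecureEquals(BuildSample("s3cr3t"), BuildSample("s3cr3t"))` returns true without the secret ever appearing in a managed string; dispose both SecureString instances (they implement IDisposable) when finished.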

