How to protect strings without SecureString?


Problem description

The use case is to protect strings in memory programming in c#. The use of the class SecureString (https://docs.microsoft.com/en-us/dotnet/api/system.security.securestring?view=netframework-4.7.2) is discouraged by Microsoft itself.

I was wondering if it could be a valid alternative to:

  • transform the string into a byte array and immediately set the string to null (and eventually call the garbage collector),
  • encrypt the byte array with the ProtectedMemory class.

Any suggestions?

Recommended answer

I wouldn't say it's "discouraged by Microsoft" - that's an oversimplification. The actual reasons are given in this page ( https://github.com/dotnet/platform-compat/blob/master/docs/DE0001.md ) and the argument seems to be "it isn't worth the effort to use it in .NET Core", and not that it isn't secure overall.

I contend that SecureString is secure... but only for the .NET Framework on Windows. The page I linked to is from the .NET Core project which is cross-platform - so it makes sense to discourage or disallow the use of SecureString in .NET Core - but if your project is targeting .NET Framework (which is exclusive to Windows) or is targeting .NET Core for Windows - then you're fine. The quote is below (emphasis mine):

"The contents of the array are not encrypted except on .NET Framework."

BTW, SecureString can be used securely to avoid cleartext in memory if you only read secrets directly into the SecureString directly by using its Append method. This is most useful when reading passwords from the console (pseudocode):

using System;
using System.Security;
Console.WriteLine("Enter your password");
SecureString password = new SecureString();
ConsoleKeyInfo key;
while ((key = Console.ReadKey(true)).Key != ConsoleKey.Enter)   // ReadKey(true) suppresses the echo
{
    password.AppendChar(key.KeyChar);   // each character goes straight into the SecureString, no managed string is built
}
password.MakeReadOnly();

...however if you need access to the cleartext version of the string afterwards then it's less secure (though the cleartext string would hopefully be collected by GC as a Generation 0 object).

Regarding your suggestions:

  • transform the string in a byte array and immediately set the string to null (and eventually call the garbage collector)
  • encrypt the byte array with the class ProtectedMemory.

This is exactly how SecureString works already, and it still suffers from the same problems: the cleartext copy of the encrypted contents still exists in memory for a short period of time - that's the problem.
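The asker's two steps written out as an added example (not code from the question or the answer), so the residual exposure the answer describes is visible: the byte[] can be scrubbed and re-encrypted, but the original string object cannot be zeroed. It assumes .NET Framework on Windows, where ProtectedMemory (System.Security.dll) exists; InMemorySecret, Protect and Use are hypothetical names.

```csharp
using System;
using System.Security.Cryptography;   // ProtectedMemory: System.Security.dll, .NET Framework on Windows only
using System.Text;

// Added example (not from the question or answer): the asker's two steps, plus scrubbing on use.
// Type and method names are hypothetical.
static class InMemorySecret
{
    // ProtectedMemory.Protect requires a buffer whose length is a multiple of 16 bytes.
    static byte[] PadTo16(byte[] data)
    {
        byte[] buf = new byte[(data.Length + 15) / 16 * 16];
        Buffer.BlockCopy(data, 0, buf, 0, data.Length);
        Array.Clear(data, 0, data.Length);              // scrub the unpadded copy
        return buf;
    }

    // Step 1: string -> UTF-16 bytes -> encrypted in place (SameProcess scope).
    // The immutable 'secret' string cannot be zeroed; the caller must drop every reference to it,
    // and it still lingers in the managed heap until the GC reclaims it. That is the residual
    // exposure the answer describes.
    public static byte[] Protect(string secret, out int plainLength)
    {
        byte[] plain = Encoding.Unicode.GetBytes(secret);
        plainLength = plain.Length;
        byte[] buf = PadTo16(plain);
        ProtectedMemory.Protect(buf, MemoryProtectionScope.SameProcess);
        return buf;
    }

    // Step 2: decrypt only for the duration of 'use', hand out a char[] (zeroable, unlike string),
    // then scrub the chars and re-encrypt the buffer even if 'use' throws.
    public static void Use(byte[] protectedBuf, int plainLength, Action<char[]> use)
    {
        ProtectedMemory.Unprotect(protectedBuf, MemoryProtectionScope.SameProcess);
        char[] chars = new char[plainLength / 2];
        try
        {
            Encoding.Unicode.GetChars(protectedBuf, 0, plainLength, chars, 0);
            use(chars);
        }
        finally
        {
            Array.Clear(chars, 0, chars.Length);
            ProtectedMemory.Protect(protectedBuf, MemoryProtectionScope.SameProcess);
        }
    }
}
```

A caller does `byte[] buf = InMemorySecret.Protect(pwd, out int len); pwd = null;` and later `InMemorySecret.Use(buf, len, chars => ...)`; the cleartext window is then the body of the callback plus the time the original string survives until collection.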
