我什么时候需要在.NET中的SecureString的? [英] When would I need a SecureString in .NET?
问题描述
我想神交.NET的SecureString的目的。从MSDN:
System.String类的一个实例是既不可变的,如果不再需要,不能以编程方式安排垃圾回收;即,该实例是只读被创建之后,这是不可能的predict当实例将被从计算机内存中删除。因此,如果字符串对象包含敏感信息,如密码,信用卡号,或个人数据,存在这样的风险之后它被使用,因为你的应用程序不能从计算机存储器中删除数据的信息可以被揭示。
一个SecureString的对象是类似的,因为它具有文本值的String对象。然而,SecureString的对象的值被自动加密,可以被修改,直到您的应用程序标记为只读,并且可以从计算机内存无论您的应用程序或.NET Framework垃圾回收器被删除。
当实例被初始化时或者在修改值SecureString的实例的值被自动加密。您的应用程序可以通过调用MakeReadOnly方法使实例不可变和prevent进一步修改。
是自动加密的大的诱惑?
为什么我不能只是说:
SecureString的密码=新SecureString的(密码);
而不是
SecureString的通=新SecureString的();
的foreach(字符c。在密码.ToCharArray())
pass.AppendChar(C);
什么方面SecureString的对我缺少什么?
框架的某些部分,目前使用SecureString的:
- 在WPF的PasswordBox控制保持密码作为内部一个SecureString的。
- System.Diagnostics.ProcessInfo的密码属性是一个SecureString的。
- 的构造X509Certificate2需要一个SecureString的密码。
的主要目的是减少攻击面,而不是消除它。在RAM SecureStrings被钉,因此垃圾回收器不会移动它,或进行其副本。这也确保了明文将不会被写入到交换文件或核心转储。加密更像是迷惑,也不会阻止意志坚定的黑客,但是,谁能够找到用于加密和解密对称密钥。
正如其他人所说的原因,你必须创建一个SecureString的字符用字符是因为这样做,否则的第一个明显的缺陷:你presumably有秘密值作为一个纯字符串了,所以什么点?
SecureStrings在解决一个鸡和蛋的问题的第一步,所以尽管目前大多数情况下需要将它们放回普通字符串进行任何利用他们所有,他们的存在,在框架现在意味着获得更好的支持他们在将来。至少,到一个点,你的程序没有成为薄弱环节。
I'm trying to grok the purpose of .NET's SecureString. From MSDN:
An instance of the System.String class is both immutable and, when no longer needed, cannot be programmatically scheduled for garbage collection; that is, the instance is read-only after it is created and it is not possible to predict when the instance will be deleted from computer memory. Consequently, if a String object contains sensitive information such as a password, credit card number, or personal data, there is a risk the information could be revealed after it is used because your application cannot delete the data from computer memory.
A SecureString object is similar to a String object in that it has a text value. However, the value of a SecureString object is automatically encrypted, can be modified until your application marks it as read-only, and can be deleted from computer memory by either your application or the .NET Framework garbage collector.
The value of an instance of SecureString is automatically encrypted when the instance is initialized or when the value is modified. Your application can render the instance immutable and prevent further modification by invoking the MakeReadOnly method.
Is the automatic encryption the big payoff?
And why can't I just say:
SecureString password = new SecureString("password");
instead of
SecureString pass = new SecureString();
foreach (char c in "password".ToCharArray())
pass.AppendChar(c);
What aspect of SecureString am I missing?
Some parts of the framework that currently use SecureString:
- WPF's PasswordBox control keeps the password as a SecureString internally.
- System.Diagnostics.ProcessInfo's Password property is a SecureString.
- The constructor for X509Certificate2 takes a SecureString for the password.
The main purpose is to reduce the attack surface, rather than eliminate it. SecureStrings are "pinned" in RAM so the Garbage Collector doesn't move it around or make copies of it. It also makes sure the plaintext won't get written to the Swap file or in core dumps. The encryption is more like obfuscation and won't stop a determined hacker, though, who would be able to find the symmetric key used to encrypt and decrypt it.
As others have said, the reason you have to create a SecureString character-by-character is because of the first obvious flaw of doing otherwise: you presumably have the secret value as a plain string already, so what's the point?
SecureStrings are the first step in solving a Chicken-And-Egg problem, so even though most current scenarios require converting them back into regular strings to make any use of them at all, their existence in the framework now means better support for them in the future. At least, to a point, where your program doesn't have to be the weak link.
这篇关于我什么时候需要在.NET中的SecureString的?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
