Hi All!
I want to clear the string contents from sensitive information
such as passwords, etc.
It's always the case that a password will appear as a string at some point
or another. And I feel uneasy leaving it hanging in memory indefinitely
(especially in the case when the string is interned).
So at least for the case when the string is not interned I propose:
string pass = Console.ReadLine();
if (string.IsInterned(pass) == null)
{
    unsafe
    {
        // pin the string and overwrite its character buffer in place
        fixed (void* pv = pass)
        {
            char* pb = (char*)pv;
            for (int i = 0; i < pass.Length; ++i)
                pb[i] = '0';
        }
    }
}
Console.WriteLine(pass);
Note: explicit RuntimeHelpers.OffsetToStringData is not needed.
What do you all think about this?
What's the trouble with just overwriting it with a new value?
pass = new String();
Since this is still the same variable, I don't think the app hangs on to old
values - since they are unretrievable at that point. Right? Are you
overthinking the problem? Or am I missing something?
"Frank Drebin" <no*****@imsickofspam.com> wrote in message
news:bJ**************@newssvr28.news.prodigy.com... What's the trouble with just overwriting it with a new value?
pass = new String();
That doesn't work. All you're doing is creating a new
String object and replacing the pointer. The old string
object is still in memory, flagged for garbage collection.
However, the garbage collector may not run for a couple
minutes and it's possible a cracker could scan and see
it before that happens.
Strings are immutable, period. There is no way to
replace the contents in a string once it is created.
The only option might be to use a value type which
keeps it on the stack only for the life of the method
in which it's used. You might write your own basic
string class which works with char[] (which is also
a value type).
That way no heap memory is ever allocated and
therefore it is harder to track down. However, there are
always those few seconds when the password is
visible on the stack. Perhaps some clever (and ugly)
coding in the value type for working with the
char[] would insert random characters at predefined
spaces to throw off a casual observer.
Since this is still the same variable, I don't think the app hangs on
to old values - since they are unretrievable at that point. Right? Are you overthinking the problem? Or am I missing something?
The memory has not yet been overwritten. The heap memory is
still allocated and the CLR still has a reference to that
memory slot. The reference will be flagged for garbage
collection and collected/freed at the next available
GC slot. However, it's not clear whether .NET will zero out
the memory, or just leave it there to be overwritten
later. My guess is that it DOES NOT zero out the memory.
Alternatively, you might use unsafe code in C# to get
a block of memory in which to store the password
while you work with it (of course you have to use old-style
C string logic which is ugly) and then zero it out
yourself when you're done.
-c
"Frank Drebin" <no*****@imsickofspam.com> wrote in message
news:KC**************@newssvr28.news.prodigy.com... Understood..
And if you did this:
pass = new String(); pass = "mypassword "; pass = " ";
Are you suggesting the same thing happens? In that in the above
example, there is the current version of "pass" and two old versions that are
flagged for gc? Since the memory is already allocated - why wouldn't it just
change the actual memory data??
The "pass" variable is just a reference.
The "new" operator in .NET returns a REFERENCE to the
newly-created object on the heap.
In C++, the example would be:
String* pass = new System::String( "1");
pass = new System::String( "2, mypassword");
pass = new System::String( "3, ");
So you see, strings 1 and 2 are still there, you just
got rid of your reference to them.
[paraphrased, this isn't necessarily 100% accurate]
[yes, I know .NET doesn't do reference counting, but
this is just for illustration]
Behind the scenes, when the new operator is called,
it allocates the memory on the heap and creates
a new Reference object to store the pointer in.
It has some type of collection of Referers and it
gives you a Referers token.
So the "pass" value actually just contains a
referer token to the actual reference.
When the variable/token goes out of scope, or you
assign null to your variable/token, .NET will
remove your token.
This is handy because .NET can move the memory
around whenever it wants and updates the
actual pointer without affecting your code
in any way.
When there are no more referers, .NET flags
the pointer for garbage collection.
So you see, just because you no longer have
a pointer to Strings 1 and 2, it doesn't mean
no one has a pointer to it.
1, 2, and 3 are all unique objects in different
parts of the heap and "pass" has a completely
different value in all 3 cases.
The memory of 1 and 2 is still allocated,
and even after it's garbage collected, it might
not actually get zeroed out or overwritten until
a little later.
Secondly, what is the ultimate form you need for the password and why
not get it converted as soon as possible? For example, if the password is
coming from a textbox - SHA1 hash the password into a string - then you don't
have to worry about it..
Unfortunately, this is a very complicated problem. TextBox
has a Text property of type String which has a copy of the
password.
When you get a ref of the string from which to generate
the hash, it's possible that another copy might get created.
You might end up with 1-3 copies of the string in memory :(
<snip>
-c
That will not work. Yes, every time you use a string variable a new string
object is created.
Inefficient; that is why you should be using the StringBuilder.
What about StringBuilder? Could that help you?
If that is not an option I would do it in unmanaged code ("C").
"Frank Drebin" <no*****@imsickofspam.com> wrote in message
news:KC**************@newssvr28.news.prodigy.com... Understood..
And if you did this:
pass = new String(); pass = "mypassword "; pass = " ";
Are you suggesting the same thing happens? In that in the above example, there is the current version of "pass" and two old versions that are
flagged for gc? Since the memory is already allocated - why wouldn't it just
change the actual memory data??
Secondly, what is the ultimate form you need for the password and why not get it converted as soon as possible? For example, if the password is
coming from a textbox - SHA1 hash the password into a string - then you don't
have to worry about it..
But I'm not just being simple, just bringing up other points.. I think the answer is that you'd want an unmanaged block of code to clear out that memory. But that has its own risks associated. It's always been all or nothing. Either you manage 100% of your memory (C++) or you rely on GC (Java/C#).. and when you mix the two - that can become a headache..
Sorry I couldn't help, but I did want to understand how this works - further..
Hi,
Since you know that strings are immutable, you can't clear or modify them in
any way (in theory).
Why not use a char array instead to store your password chars? It is at your
own disposal to create the array and destroy it. A few chars won't take up
too much memory.
Edward
Hi,
I would love to use byte[] or char[],
but it's not my choice. I'm using TextControl
to get information from the user in winform.
And it only has Text property.
Yes I can use GetWindowText myself, but I also use
PasswordDeriveBytes to derive keys for encryption
from the user password and that only takes a string.
"JD" <No@Where.com> wrote in message news:<#i**************@TK2MSFTNGP09.phx.gbl>... Could you create a password control that stores the text into a byte[] instead of a string so that the pass never gets interned?
- J
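Pulling the thread's points together as an added example (not code from any of the posters): the password is read into a char[] rather than a string, fed to Rfc2898DeriveBytes, which takes a byte[] password and stands in here for the PasswordDeriveBytes(string) call cppdev mentions, and the buffers are pinned and zeroed in finally; the original post's in-place wipe is kept only behind the interned-string check. Assumes a console application compiled with unsafe code allowed.

```csharp
using System;
using System.Runtime.InteropServices;
using System.Security.Cryptography;
using System.Text;

static class PasswordBuffers
{
    // Reads a password from the console into a char[] without ever
    // materialising a string: ReadKey(intercept: true) echoes nothing
    // and hands back one ConsoleKeyInfo per keystroke.
    public static char[] ReadPasswordChars()
    {
        char[] buf = new char[64];
        int len = 0;
        while (true)
        {
            ConsoleKeyInfo key = Console.ReadKey(intercept: true);
            if (key.Key == ConsoleKey.Enter) break;
            if (key.Key == ConsoleKey.Backspace) { if (len > 0) buf[--len] = '\0'; continue; }
            if (len == buf.Length)
            {
                char[] bigger = new char[buf.Length * 2];
                Array.Copy(buf, bigger, len);
                Array.Clear(buf, 0, buf.Length); // wipe before dropping the old buffer
                buf = bigger;
            }
            buf[len++] = key.KeyChar;
        }
        char[] exact = new char[len];
        Array.Copy(buf, exact, len);
        Array.Clear(buf, 0, buf.Length);
        return exact;
    }

    // Derives keyBytes bytes with PBKDF2 (Rfc2898DeriveBytes accepts a byte[]
    // password) so the password never becomes a string. The UTF-8 buffer is
    // pinned before it is filled, so a compacting GC cannot copy it elsewhere
    // and leave a stale image behind; both buffers are zeroed in finally.
    public static byte[] DeriveKey(char[] password, byte[] salt, int iterations, int keyBytes)
    {
        byte[] pwBytes = new byte[Encoding.UTF8.GetByteCount(password)];
        GCHandle pin = GCHandle.Alloc(pwBytes, GCHandleType.Pinned);
        try
        {
            Encoding.UTF8.GetBytes(password, 0, password.Length, pwBytes, 0);
            using (var kdf = new Rfc2898DeriveBytes(pwBytes, salt, iterations))
                return kdf.GetBytes(keyBytes);
        }
        finally
        {
            Array.Clear(pwBytes, 0, pwBytes.Length);
            pin.Free();
            Array.Clear(password, 0, password.Length); // the caller's char[] is spent too
        }
    }

    // The thread's in-place wipe with the checks a reviewer would ask for:
    // refuse interned strings (the literal is shared by every user of it)
    // and empty strings. Even then it is only safe when this code holds the
    // only reference, because every other holder sees the zeroed contents.
    public static unsafe bool TryWipe(string s)
    {
        if (s == null || s.Length == 0 || string.IsInterned(s) != null) return false;
        fixed (char* p = s)
            for (int i = 0; i < s.Length; i++) p[i] = '\0';
        return true;
    }

    static void Main()
    {
        Console.Write("Password: ");
        char[] pw = ReadPasswordChars();
        byte[] salt = new byte[16];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(salt);
        byte[] key = DeriveKey(pw, salt, 100000, 32);
        Console.WriteLine("key derived (" + key.Length + " bytes); password chars zeroed: "
                          + Array.TrueForAll(pw, c => c == '\0'));
        Array.Clear(key, 0, key.Length); // wipe the derived key as soon as it is no longer needed
    }
}
```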
If a common string is used over and over again, .NET
may "intern" it or make a single instance of it and
whenever you try to create a new instance of it, it'll
just return you the reference to the main, interned one.
I believe this happens during JIT. It recognizes common
strings and just makes one copy of them.
-c
"News VS.NET ( MS ILM )" <sq**********@hotmail.com> wrote in message
news:uL*************@TK2MSFTNGP10.phx.gbl... Excuse my not knowing. What does interned mean here??
Chad
Thank you.