Hi All!
I want to clear the string contents from sensitive information
such as passwords, etc.
It's always the case that a password will appear as a string at some point
or another. And I feel uneasy leaving it hanging in memory indefinitely
(especially in the case when the string is interned).
So at least for the case when the string is not interned I propose:
// Build with: csc /unsafe Wipe.cs
using System;

class Program
{
    static void Main()
    {
        string pass = Console.ReadLine();
        // Only overwrite a string that is not in the intern pool; an interned
        // string's storage is shared with every other use of that literal.
        // (ReadLine returns null at end of input; IsInterned throws on null.)
        if (pass != null && string.IsInterned(pass) == null)
        {
            unsafe
            {
                // fixed pins the string so the GC cannot move it while we write.
                fixed (void* pv = pass)
                {
                    char* pb = (char*)pv;
                    for (int i = 0; i < pass.Length; ++i)
                        pb[i] = '0';
                }
            }
        }
        Console.WriteLine(pass);   // prints a run of '0' characters of the old length
    }
}
Note: explicit RuntimeHelpers.OffsetToStringData is not needed.
What do you all think about this?
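A worked version of the same idea, added here as an illustration and not taken from cppdev's post. It keeps the fixed/overwrite approach but adds the two checks a caller needs: the string must not be the shared empty string, and it must not be the pooled (interned) object itself. Note that string.IsInterned looks the pool up by value, so a password built at run time is reported as "interned" whenever an unrelated literal in the process happens to have the same contents; the helper below compares references instead. The password value and the names (StringWiper, Wipe, IsWiped, IsPooledObject) are mine. Compile with /unsafe.

```csharp
using System;

// Added example (not from the original post). Build with: csc /unsafe Wipe.cs
static class StringWiper
{
    // True only when s itself is the pooled instance. A non-null result from
    // IsInterned alone is also returned for a distinct, non-pooled string
    // that merely has the same contents as some literal elsewhere.
    public static bool IsPooledObject(string s)
    {
        return object.ReferenceEquals(string.IsInterned(s), s);
    }

    // Overwrites the string's payload with '\0' in place. Returns false and
    // leaves the string alone if writing to it would be unsafe: null, the
    // shared empty string, or a pooled string whose storage is shared with
    // every other use of that literal in the process.
    public static unsafe bool Wipe(string s)
    {
        if (s == null || s.Length == 0) return false;
        if (IsPooledObject(s)) return false;

        // fixed pins the object so the GC cannot relocate it mid-write; the
        // pointer refers to the first UTF-16 code unit of the payload.
        fixed (char* p = s)
        {
            for (int i = 0; i < s.Length; i++)
                p[i] = '\0';
        }
        return true;
    }

    // Verification: every code unit is zero. The length is stored separately
    // from the characters and is unchanged, so s.Length still reports the old size.
    public static bool IsWiped(string s)
    {
        foreach (char c in s)
            if (c != '\0') return false;
        return true;
    }

    static void Main()
    {
        // A literal is the pooled object for these contents (constructed example).
        string literal = "hunter2";

        // Constructed input: built from a char[] at run time, so this object
        // is NOT the pooled one even though its contents match the literal above.
        char[] typed = { 'h', 'u', 'n', 't', 'e', 'r', '2' };
        string pass = new string(typed);
        Array.Clear(typed, 0, typed.Length);      // the char[] is a copy too

        Console.WriteLine("IsInterned non-null:  " + (string.IsInterned(pass) != null)); // true
        Console.WriteLine("is the pooled object: " + IsPooledObject(pass));              // false
        try
        {
            // ... use pass ...
        }
        finally
        {
            bool wiped = Wipe(pass);
            Console.WriteLine("wiped=" + wiped + " verified=" + IsWiped(pass)
                              + " length=" + pass.Length);
        }

        // Wipe refuses the literal, because zeroing it would change every
        // "hunter2" in the process.
        Console.WriteLine("literal wiped: " + Wipe(literal));
    }
}
```

The original check `string.IsInterned(pass) == null` would have skipped the wipe of `pass` above, because a literal with the same contents exists; the reference comparison is what tells the two cases apart. Copies made on the way in (the char[] here, the console's own input buffer in the original snippet) are a separate problem that this helper does not solve.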
What's the trouble with just overwriting it with a new value?
pass = new String();
Since this is still the same variable, I don't think the app hangs on to old
values - since they are unretrievable at that point. Right? Are you
overthinking the problem? Or am I missing something?
"Frank Drebin" <no*****@imsickofspam.com> wrote in message
news:bJ**********************@newssvr28.news.prodi gy.com... What's the trouble with just overwriting it with a new value?
pass = new String();
That doesn't work. All you're doing is creating a new
String object and replacing the pointer. The old string
object is still in memory, flagged for garbage collection.
However, the garbage collector may not run for a couple
minutes and it's possible a cracker could scan and see
it before that happens.
Strings are immutable, period. There is no way to
replace the contents in a string once it is created.
The only option might be to use a value type which
keeps it on the stack only for the life of the method
in which it's used. You might write your own basic
string class which works with char[] (which is also
a value type).
That way no heap memory is ever allocated and
therefore harder to track down. However, there is
always that few seconds when the password is
visible on the stack. Perhaps some clever (and ugly)
coding in the Value type for working with the
char[] would insert random characters at predefined
spaces to throw off a casual observer.
Since this is still the same variable, I don't think the app hangs on
to old values - since they are unretrievable at that point. Right? Are you overthinking the problem? Or am I missing something?
The memory has not yet been overwritten. The heap memory is
still allocated and the CLR still has a reference to that
memory slot. The reference will be flagged for garbage
collection and collected/freed at the next available
GC slot. However, it's not clear whether .NET will zero-out
the memory, or just leave it there to be overwritten
later. My guess is that it DOES NOT zero-out the memory.
Alternatively, you might use unsafe code in C# to get
a block of memory in which to store the password
while you work with it (of course you have to use old-style
C string logic which is ugly) and then zero it out
yourself when you're done.
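The two alternatives Chad sketches, written out as an added example (mine, not code from the thread). A char[] is a heap object just like a string, so it can still be found in a memory dump while it is alive; the difference is that its contents can be overwritten in place, deterministically, before the reference is dropped. The unmanaged variant puts the bytes outside the managed heap, where the GC never copies them during compaction, and zeroes them before freeing. Console.ReadKey(true) reads the password key by key so no string is ever formed; the class and method names are assumptions. Compile with /unsafe.

```csharp
using System;
using System.Runtime.InteropServices;

// Added example, not code from the thread. Build with: csc /unsafe Buffers.cs
static class PasswordBuffers
{
    // Reads a line of input key by key with no echo. The characters only ever
    // live in char[] buffers that this code owns and clears.
    public static char[] ReadPasswordChars()
    {
        char[] buf = new char[32];
        int n = 0;
        for (;;)
        {
            ConsoleKeyInfo k = Console.ReadKey(true);
            if (k.Key == ConsoleKey.Enter) break;
            if (k.Key == ConsoleKey.Backspace)
            {
                if (n > 0) buf[--n] = '\0';
                continue;
            }
            if (k.KeyChar == '\0') continue;           // arrow keys etc.
            if (n == buf.Length)
            {
                // Growing allocates a new array; wipe the old one ourselves,
                // otherwise the first half of the password stays behind in it.
                char[] bigger = new char[buf.Length * 2];
                Array.Copy(buf, bigger, n);
                Array.Clear(buf, 0, buf.Length);
                buf = bigger;
            }
            buf[n++] = k.KeyChar;
        }
        char[] exact = new char[n];
        Array.Copy(buf, exact, n);
        Array.Clear(buf, 0, buf.Length);               // oversized buffer wiped too
        return exact;
    }

    // Unmanaged variant: copy into a block the GC neither moves nor scans,
    // work on it there, zero it, then free it. Nothing survives the finally.
    // The "work" here just counts non-ASCII code units, as a stand-in.
    public static unsafe int CountNonAsciiInUnmanagedBlock(char[] password)
    {
        if (password.Length == 0) return 0;
        int bytes = password.Length * sizeof(char);
        IntPtr block = Marshal.AllocHGlobal(bytes);
        try
        {
            Marshal.Copy(password, 0, block, password.Length);
            char* p = (char*)block;
            int nonAscii = 0;
            for (int i = 0; i < password.Length; i++)
                if (p[i] > 127) nonAscii++;
            return nonAscii;
        }
        finally
        {
            byte* b = (byte*)block;
            for (int i = 0; i < bytes; i++) b[i] = 0;   // wipe before release
            Marshal.FreeHGlobal(block);
        }
    }

    static void Main()
    {
        Console.Write("Password: ");
        char[] pw = ReadPasswordChars();
        try
        {
            Console.WriteLine();
            Console.WriteLine("length " + pw.Length + ", non-ASCII code units: "
                              + CountNonAsciiInUnmanagedBlock(pw));
        }
        finally
        {
            Array.Clear(pw, 0, pw.Length);   // deterministic, unlike waiting for the GC
        }
    }
}
```

The moment the char[] is handed to any API that builds a string from it (a Text property, a string-only constructor), a copy exists again that this code cannot clear, so the whole point is to keep the secret in buffers you own for its entire lifetime.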
"Frank Drebin" <no*****@imsickofspam.com> wrote in message
news:KC**********************@newssvr28.news.prodi gy.com... Understood..
And if you did this:
pass = new String(); pass = "mypassword"; pass = " ";
Are you suggesting the same thing happens? In that in the above
example, there is the current version of "pass" and two old versions that are
flagged for gc? Since the memory is already allocated - why wouldn't it just
change the actual memory data??
The "pass" variable is just a reference.
The "new" operator in .NET returns a REFERENCE to the
newly-created object on the heap.
In C++, the example would be:
String* pass = new System::String("1");
pass = new System::String("2, mypassword");
pass = new System::String("3, ");
So you see, string 1 and 2 are still there, you just
got rid of your reference to them.
[paraphrased, this isn't necessarily 100% accurate]
[yes, I know .NET doesn't do reference counting, but
this is just for illustration]
Behind the scenes, when the new operator is called,
it allocates the memory on the heap and creates
a new Reference object to store the pointer in.
It has some type of collection of Referers and it
gives you a Referers token.
So the "pass" value actually just contains a
referer token to the actual reference.
When the variable/token goes out of scope, or you
assign null to your variable/token, .NET will
remove your token.
This is handy because .NET can move the memory
around whenever it wants and updates the
actual pointer without affecting your code
in any way.
When there are no more referers, .NET flags
the pointer for garbage collection.
So you see, just because you no longer have
a pointer to Strings 1 and 2, it doesn't mean
no one has a pointer to it.
1, 2, and 3 all are unique objects in different
parts of the heap and "pass" has a completely
different value in all 3 cases.
The memory of 1 and 2 is still allocated,
and even after it's garbage collected, it might
not actually get zeroed out or overwritten until
a little later.
Secondly, what is the ultimate form you need for the password and why
not get it converted as soon as possible. For example, if the password is
coming from a textbox - sha1 hash the password into a string - then you don't
have to worry about it..
Unfortunately, this is a very complicated problem. TextBox
has a Text property of type String which has a copy of the
password.
When you get a ref of the string from which to generate
the hash, it's possible that another copy might get created.
You might end up with 1-3 copies of the string in memory :(
<snip>
-c
That will not work. Yes, every time you use a string variable a new string
object is created.
Inefficient; that is why you should be using the StringBuilder.
What about StringBuilder? Could that help you?
If that is not an option I would do it in unmanaged code "C".
"Frank Drebin" <no*****@imsickofspam.com> wrote in message
news:KC**********************@newssvr28.news.prodi gy.com... Understood..
And if you did this:
pass = new String(); pass = "mypassword"; pass = " ";
Are you suggesting the same thing happens? In that in the above example, there is the current version of "pass" and two old versions that are
flagged for gc? Since the memory is already allocated - why wouldn't it just
change the actual memory data??
Secondly, what is the ultimate form you need for the password and why not get it converted as soon as possible. For example, if the password is
coming from a textbox - sha1 hash the password into a string - then you don't
have to worry about it..
But I'm not just being simple, just bringing up other points.. I think the answer is that you'd want to use an unmanaged block of code to clear out that memory. But that has its own risks associated. It's always been all or nothing. Either you manage 100% of your memory (C++) or you rely on GC (Java/C#).. and when you mix the two - that can become a headache..
Sorry I couldn't help, but I did want to understand how this works - further..
Hi,
Since you know that strings are immutable, you can't clear or modify them in
any way (in theory).
Why not use a char array instead to store your password chars? It is at your
own disposal to create the array and destroy it. A few chars won't take up
too much memory.
Edward
Hi,
I would love to use byte[] or char[],
but it's not my choice. I'm using TextControl
to get information from the user in winform.
And it only has Text property.
Yes I can use GetWindowText myself, but I also use
PasswordDeriveBytes to derive keys for encryption
from user password and that only takes a string.
"JD" <No@Where.com> wrote in message news:<#i**************@TK2MSFTNGP09.phx.gbl>...
Could you create a password control that stores the text into a byte[] instead of a string so that the pass never gets interned?
- J
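An added example (mine, not cppdev's code) of getting from a char[] password to key material without the secret ever becoming a System.String, which is the gap cppdev ran into with PasswordDeriveBytes. It assumes a framework version whose key-derivation classes accept a byte[] password; Rfc2898DeriveBytes (PBKDF2) is used here in place of the older PBKDF1-based PasswordDeriveBytes. Every intermediate buffer is cleared in a finally block. The KDF object keeps its own copy of the password as the HMAC key, so it is disposed where the framework supports that. The constructed password, the salt length, the iteration count and the class and method names are mine.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example, not code from the thread.
static class KeyFromChars
{
    // Derives keyBytes bytes of key material from a char[] password with
    // PBKDF2 (Rfc2898DeriveBytes), never creating a string for the secret.
    public static byte[] DeriveKey(char[] password, byte[] salt, int iterations, int keyBytes)
    {
        // Encode into a buffer we own so it can be wiped afterwards.
        byte[] pwBytes = new byte[Encoding.UTF8.GetByteCount(password)];
        Encoding.UTF8.GetBytes(password, 0, password.Length, pwBytes, 0);
        Rfc2898DeriveBytes kdf = null;
        try
        {
            kdf = new Rfc2898DeriveBytes(pwBytes, salt, iterations);
            return kdf.GetBytes(keyBytes);
        }
        finally
        {
            Array.Clear(pwBytes, 0, pwBytes.Length);
            // On frameworks where DeriveBytes is IDisposable, this also
            // releases the internal HMAC whose key is the password.
            IDisposable d = kdf as IDisposable;
            if (d != null) d.Dispose();
        }
    }

    // Compare derived keys without leaking the position of the first
    // mismatching byte through timing.
    public static bool ConstantTimeEquals(byte[] a, byte[] b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }

    // Checks a candidate password against a stored salt+key, wiping the
    // candidate and the recomputed key on every path.
    public static bool Verify(char[] candidate, byte[] salt, int iterations, byte[] storedKey)
    {
        byte[] k = DeriveKey(candidate, salt, iterations, storedKey.Length);
        try { return ConstantTimeEquals(k, storedKey); }
        finally
        {
            Array.Clear(k, 0, k.Length);
            Array.Clear(candidate, 0, candidate.Length);
        }
    }

    static void Main()
    {
        const int iterations = 100000;
        byte[] salt = new byte[16];
        RandomNumberGenerator.Create().GetBytes(salt);

        // Constructed input: built from chars, never from a literal.
        char[] pw = { 'c', 'o', 'r', 'r', 'e', 'c', 't', ' ', 'h', 'o', 'r', 's', 'e' };
        byte[] key = DeriveKey(pw, salt, iterations, 32);
        Array.Clear(pw, 0, pw.Length);
        Console.WriteLine("key: " + BitConverter.ToString(key));

        char[] again = { 'c', 'o', 'r', 'r', 'e', 'c', 't', ' ', 'h', 'o', 'r', 's', 'e' };
        char[] wrong = { 'c', 'o', 'r', 'r', 'e', 'c', 't', ' ', 'h', 'o', 'r', 's', 'f' };
        Console.WriteLine("correct verifies: " + Verify(again, salt, iterations, key)); // True
        Console.WriteLine("wrong verifies:   " + Verify(wrong, salt, iterations, key)); // False
    }
}
```

With a text box that only exposes a string Text property, the char[] has to come from somewhere else (JD's custom control, or GetWindowText into a buffer you own, as cppdev mentions); once a string has been created for the secret, this code can only limit the number of further copies, not remove the one that already exists.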
If a common string is used over and over again, .NET
may "intern" it or make a single instance of it and
whenever you try to create a new instance of it, it'll
just return you the reference to the main, interned one.
I believe this happens during JIT. It recognizes common
strings and just makes one copy of them.
-c
"News VS.NET ( MS ILM )" <sq**********@hotmail.com> wrote in message
news:uL*************@TK2MSFTNGP10.phx.gbl...
Excuse my not knowing. What does interned mean here?
Chad
Thank you.
Chad Myers <cm****@N0.SP.AM.austin.rr.com> wrote: If a common string is used over and over again, .NET may "intern" it or make a single instance of it and whenever you try to create a new instance of it, it'll just return you the reference to the main, interned one.
I believe this happens during JIT. It recognizes common strings and just makes one copy of them.
Fortunately it's not nearly as heuristic as that. All string
literals/constants are interned, and any string which you call Intern
on is interned. I don't believe anything else will get interned. You
also don't get the interned copy whenever you create a string with
identical contents - it's only if you're using the same string literal
or if you specifically ask for the interned version.
If the JIT started interning other strings, you'd end up with a
possible memory leak.
--
Jon Skeet - <sk***@pobox.com> http://www.pobox.com/~skeet/
If replying to the group, please do not mail me too
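A small added program (mine, not from Jon's post) that checks his description against the runtime: which strings are in the pool, and the difference between "a pooled string with these contents exists" (IsInterned returns non-null) and "this object is the pooled one" (the returned reference is the same object). The second question is the one an in-place wipe like cppdev's has to ask before writing. The string values and the helper names are constructed examples.

```csharp
using System;

// Added example, not code from the thread.
static class InternPool
{
    // True only when s itself is the pooled instance.
    public static bool IsPooledObject(string s)
    {
        return object.ReferenceEquals(string.IsInterned(s), s);
    }

    // True when some string with the same contents is in the pool,
    // regardless of whether s is that object.
    public static bool ContentsArePooled(string s)
    {
        return string.IsInterned(s) != null;
    }

    static void Main()
    {
        string literal = "hunter2";                         // pooled (ldstr)
        string folded  = "hun" + "ter2";                    // constant-folded by the compiler: the same pooled object
        string runtime = new string(new[] { 'h', 'u', 'n', 't', 'e', 'r', '2' });  // distinct heap object
        string concat  = runtime.Substring(0, 3) + runtime.Substring(3);           // built at run time
        string unique  = new string(new[] { 'x', 'y', 'z', 'q' });                 // no literal has these contents

        Show("literal", literal);   // contents pooled=True,  this object pooled=True
        Show("folded ", folded);    // contents pooled=True,  this object pooled=True
        Show("runtime", runtime);   // contents pooled=True,  this object pooled=False
        Show("concat ", concat);    // contents pooled=True,  this object pooled=False
        Show("unique ", unique);    // contents pooled=False, this object pooled=False

        // Intern() does not change runtime; it returns the already pooled literal.
        string pooled = string.Intern(runtime);
        Console.WriteLine("Intern(runtime) is the literal object: "
                          + object.ReferenceEquals(pooled, literal));       // True
        Console.WriteLine("runtime became pooled: " + IsPooledObject(runtime)); // False

        // Interning a value the pool has never seen puts that very object in it.
        Console.WriteLine("Intern(unique) is unique itself: "
                          + object.ReferenceEquals(string.Intern(unique), unique)); // True
        Console.WriteLine("unique became pooled: " + IsPooledObject(unique));        // True
    }

    static void Show(string name, string s)
    {
        Console.WriteLine(name + ": contents pooled=" + ContentsArePooled(s)
                          + ", this object pooled=" + IsPooledObject(s));
    }
}
```

The `runtime` line is the case that matters for a wipe: IsInterned is non-null purely because an unrelated literal shares the contents, yet the object is private and safe to overwrite, while `literal` and `folded` must never be touched.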