Friday, September 29, 2006

System.Security (SecureString, SymmetricAlgorithms) C# WinForm Example - Simple Password Manager

The Code Project - Simple Password Manager Using System.Security

"The main goal of this application is to show how easy it is to work with System.Security (SecureString, SymmetricAlgorithms) in a Windows Forms project. The application uses the SecurePasswordTextBox control made by Paul Glavich. SecurePasswordTextBox is a Windows Forms TextBox control that uses the .NET V2 SecureString class to store its contents. More details about this control can be found at Paul Glavich's blog.

Why do we need SecureStrings? Well, the MSDN documentation is very explicit on this, I will just quote it: "An instance of the System.String class is both immutable and, when no longer needed, cannot be programmatically scheduled for garbage collection; that is, the instance is read-only after it is created, and it is not possible to predict when the instance will be deleted from computer memory. Consequently, if a String object contains sensitive information such as a password, credit card number, or personal data, there is a risk the information could be revealed after it is used, because your application cannot delete the data from computer memory." So, as a programmer, you must make sure that the sensitive data that you are dealing with in your applications, like passwords, is protected as much as possible. In my manager, I am receiving the password string as a SecureString with help from Paul Glavich's control, and then I encrypt it with a symmetric algorithm (Rijndael) for storage and internal use. There is a moment when you can't protect the string, and that moment comes when the user wants to see his password in clear, or wants to paste it into a web page. ..."

This is another SecureString related project that I'd like to look at...
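
The flow the quoted article describes (take the password as a SecureString, then encrypt it with Rijndael for storage), as an added example that is not code from the Code Project article or from Paul Glavich's control. It shows the short window in which plaintext exists and how both plaintext copies are wiped afterwards. The class name `SecureStringCrypto`, the IV-then-ciphertext output layout, and the random demo key are assumptions made for illustration.

```csharp
using System;
using System.Runtime.InteropServices;
using System.Security;
using System.Security.Cryptography;
static class SecureStringCrypto   // hypothetical helper, not part of the article
{
    // Returns IV || ciphertext (Rijndael with the class defaults: CBC, PKCS7).
    public static byte[] Encrypt(SecureString secret, byte[] key)
    {
        byte[] plain = new byte[secret.Length * 2];                 // UTF-16 code units
        GCHandle pin = GCHandle.Alloc(plain, GCHandleType.Pinned);  // stop the GC relocating (and copying) it
        IntPtr bstr = IntPtr.Zero;
        try
        {
            bstr = Marshal.SecureStringToBSTR(secret);              // unmanaged plaintext copy
            Marshal.Copy(bstr, plain, 0, plain.Length);
            using (RijndaelManaged alg = new RijndaelManaged())
            {
                alg.Key = key;
                alg.GenerateIV();                                   // fresh IV for every encryption
                byte[] iv = alg.IV;
                using (ICryptoTransform enc = alg.CreateEncryptor())
                {
                    byte[] ct = enc.TransformFinalBlock(plain, 0, plain.Length);
                    byte[] output = new byte[iv.Length + ct.Length];
                    Buffer.BlockCopy(iv, 0, output, 0, iv.Length);
                    Buffer.BlockCopy(ct, 0, output, iv.Length, ct.Length);
                    return output;
                }
            }
        }
        finally
        {
            Array.Clear(plain, 0, plain.Length);                    // wipe the managed copy
            pin.Free();
            if (bstr != IntPtr.Zero) Marshal.ZeroFreeBSTR(bstr);    // wipe and free the unmanaged copy
        }
    }
    static void Main()
    {
        byte[] key = new byte[32];                                  // constructed demo key (assumption)
        new RNGCryptoServiceProvider().GetBytes(key);
        using (SecureString s = new SecureString())
        {
            foreach (char c in "constructed-sample") s.AppendChar(c); // literal used only for the demo
            Console.WriteLine(Encrypt(s, key).Length);
        }
    }
}
```

The output carries no integrity protection; a stored vault that could be tampered with also needs a MAC over the IV and ciphertext.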

Related Past Post XRef:
SecurePasswordTextBox - A SecureString TextBox
