On Fri, Apr 6, 2012 at 5:27 PM, Steve Kradel <[email protected]> wrote:
> Feed in the characters to SecureString one at a time (string is an
> IEnumerable of char)... the design reason for this is that the entire
> string should not exist in managed memory at any point, or else there
> will be non-secure copies floating around.

That seems icky. Conventional wisdom is that one does any security-sensitive storage in memory pages "locked" in RAM. I.e., you allocate some memory, and then tell the OS not to write that memory to disk for any reason. When done, zero the page(s).

Reading the docs for SecureString, I can only presume .NET doesn't have a way to do that. Pity. Encrypting storage that a program has to use contemporaneously is -- as was noted on this list recently -- generally pointless, as the program has to keep the decrypt key around cleartext in the same storage.

-- Ben
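
Added example, not part of the original thread: a C# sketch of the character-at-a-time SecureString pattern described in the quoted text, followed by the "zero it when done" step applied to the one unmanaged copy made for use. The names `ReadSecret` and `CountDigits` are hypothetical, and console input is assumed as the source of the secret.

```csharp
using System;
using System.Runtime.InteropServices;
using System.Security;

static class SecureStringDemo
{
    // Read a secret key by key so no managed System.String ever holds it.
    static SecureString ReadSecret(string prompt)
    {
        Console.Write(prompt);
        var secret = new SecureString();
        while (true)
        {
            ConsoleKeyInfo key = Console.ReadKey(intercept: true); // no echo
            if (key.Key == ConsoleKey.Enter) break;
            if (key.Key == ConsoleKey.Backspace)
            {
                if (secret.Length > 0) secret.RemoveAt(secret.Length - 1);
                continue;
            }
            if (!char.IsControl(key.KeyChar)) secret.AppendChar(key.KeyChar);
        }
        Console.WriteLine();
        secret.MakeReadOnly(); // no further edits to the buffer
        return secret;
    }

    // Expose the plaintext only in unmanaged memory, then zero and free it.
    static int CountDigits(SecureString secret)
    {
        IntPtr p = IntPtr.Zero;
        try
        {
            p = Marshal.SecureStringToGlobalAllocUnicode(secret);
            int digits = 0;
            for (int i = 0; i < secret.Length; i++)
                if (char.IsDigit((char)Marshal.ReadInt16(p, i * 2))) digits++;
            return digits;
        }
        finally
        {
            // Overwrites the unmanaged copy with zeros before releasing it.
            if (p != IntPtr.Zero) Marshal.ZeroFreeGlobalAllocUnicode(p);
        }
    }

    static void Main()
    {
        using (SecureString secret = ReadSecret("Secret: "))
            Console.WriteLine("length={0}, digits={1}", secret.Length, CountDigits(secret));
    }
}
```

Building the SecureString from an existing `string` instead would defeat the pattern, since that string is already an unpinned managed copy that the program cannot zero.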
