#952 – Security Issues with Managed Strings
November 18, 2013
Confidential data held in a string is exposed to attack for as long as that string remains in memory.
String data stored in managed strings in .NET is less secure than data stored in unmanaged strings, because plaintext (non-encrypted) data in a managed string stays in memory for a longer period of time.
Because managed strings live on the garbage-collected heap, you can’t explicitly destroy them. The data remains in memory until the garbage collector has released it and some other object has overwritten the same memory.
Since strings are immutable, you can’t overwrite the data in a managed string object; writing new data creates a new instance instead. The garbage collector may also create extra copies when it compacts memory. The string data is therefore less secure, because multiple copies are likely to exist and each has a longer lifetime.
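To make the post's point concrete, here is an added C# example (not the original post's code) that contrasts an immutable string, whose plaintext copies cannot be wiped, with a mutable char[] buffer that can be zeroed as soon as it is no longer needed. The secret value and the UseSecretBuffer consumer are constructed for illustration.

```csharp
using System;
using System.Text;

// Added example, not from the original post: immutable string vs. wipeable char[].
static class ManagedStringDemo
{
    // Every "modification" of a string allocates a new instance; the old
    // plaintext stays on the GC heap until collected and overwritten.
    static bool ShowStringCopies()
    {
        // Constructed sample secret (built from chars so no string literal is interned).
        string secret = new string(new[] { 'h', 'u', 'n', 't', 'e', 'r', '2' });
        string padded = secret + "!";              // second copy of the plaintext
        string upper  = secret.ToUpperInvariant(); // third copy
        // No API lets us overwrite 'secret' in place; all three copies linger.
        return object.ReferenceEquals(secret, padded); // false: a new instance was created
    }

    // A char[] is mutable, so its contents can be zeroed the moment the
    // secret has been consumed, shrinking the window of exposure.
    static byte[] UseSecretBuffer(char[] secret)
    {
        try
        {
            // Hypothetical consumer: derive bytes to hand to a crypto API.
            return Encoding.UTF8.GetBytes(secret);
        }
        finally
        {
            Array.Clear(secret, 0, secret.Length); // wipe the plaintext promptly
        }
    }

    static void Main()
    {
        Console.WriteLine(ShowStringCopies()); // False

        // Constructed sample; a real program would fill this from console or UI input.
        char[] buffer = { 'h', 'u', 'n', 't', 'e', 'r', '2' };
        byte[] encoded = UseSecretBuffer(buffer);
        try
        {
            Console.WriteLine(buffer[0] == '\0'); // True: buffer was wiped
            Console.WriteLine(encoded.Length);    // 7
        }
        finally
        {
            Array.Clear(encoded, 0, encoded.Length); // derived bytes are mutable too; wipe them
        }
    }
}
```

Zeroing a char[] only narrows the window: an array on the managed heap can still be relocated by the garbage collector, leaving a stale copy behind, so the remaining exposure is shorter but not eliminated.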
So how should confidential data be stored? Should we use a raw byte array, or is there a special type for this purpose?
Take a look at today’s post (#953), which talks about SecureString. Examples and more information coming soon.