How is the encryption of a SecureString made and stored?


2

The SecureString class is used to represent text that must be kept confidential in memory (passwords, card numbers, balances, etc.), and it correctly deletes that text from memory when it is no longer required.

  • How is this encryption done? How is the key stored?

1 answer

3


Just using it doesn’t do much good. And to think that it gives total security is nonsense. Read more in How, when and why to use "Securestring" in C#?.

The implementation is a detail, so it varies depending on the runtime used and its version, and one should not get attached to it. So there is no way to answer the question asked. And this is the answer.

But I can give you some information:

  • The .NET Framework has a complex way of deciding what to do and delegates the encryption to other parts of the framework; it uses lots of low-level code and the Windows API.

  • .NET Core delegates to another library; you can try to find the implementation. There is also a specific part for Unix.

  • Mono uses its own Encrypt(); you have to go there to see what this method does.

From what I understand, they use keys internal to the framework or the operating system, which is more secure.

  • I was researching how an anti-cheat can protect important data in memory, and I remembered that SecureString would be a good starting point for me to build on.

  • There is no effective anti-cheat in client software. And this is why the SS is also not safe.

  • Yes, I agree that nothing replaces an authoritative server. However, there are times when the cost of this implementation becomes unavoidable, or even when we do not have enough time to implement it. As an example, I can cite an advergame aimed at an advertising campaign with a short lifespan. Among the techniques I am thinking of employing would be the encryption of variables and the constant changing of their addresses in memory.
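The following is an added example, not part of the question, the answer or any runtime's source code. It walks through the SecureString life cycle the question describes using only public .NET APIs, and shows why the answer says that just using the class does not do much good: the plaintext has to be copied out to be used, so the protection is only as good as the cleanup around that copy. The names `SecureStringDemo` and `UseSecret` and the sample value are assumptions made for the illustration.

```csharp
using System;
using System.Runtime.InteropServices;
using System.Security;

static class SecureStringDemo   // hypothetical name, for illustration only
{
    // Copies the protected text into unmanaged memory, lends it to the caller,
    // then zeroes and frees that copy even if the callback throws.
    static void UseSecret(SecureString secret, Action<IntPtr, int> consumer)
    {
        IntPtr ptr = IntPtr.Zero;
        try
        {
            // From here on the plaintext exists in process memory again,
            // however the runtime was protecting it internally.
            ptr = Marshal.SecureStringToGlobalAllocUnicode(secret);
            consumer(ptr, secret.Length);
        }
        finally
        {
            if (ptr != IntPtr.Zero)
                Marshal.ZeroFreeGlobalAllocUnicode(ptr); // overwrite, then free
        }
    }

    static void Main()
    {
        // Constructed sample value. A string literal stays in managed memory,
        // so real code should feed characters in as they arrive (e.g. key by key).
        char[] typed = "constructed-sample".ToCharArray();

        using (var secret = new SecureString())      // Dispose() clears its buffer
        {
            foreach (char c in typed) secret.AppendChar(c);
            Array.Clear(typed, 0, typed.Length);      // wipe the intermediate copy
            secret.MakeReadOnly();                    // no further modification

            UseSecret(secret, (ptr, len) =>
            {
                // Read the UTF-16 code units without building a managed string.
                int checksum = 0;
                for (int i = 0; i < len; i++)
                    checksum += (ushort)Marshal.ReadInt16(ptr, i * 2);
                Console.WriteLine($"read {len} chars, checksum {checksum}");
            });
        }
    }
}
```

Nothing here depends on how a given runtime encrypts the internal buffer, which matches the answer's point that the mechanism is an implementation detail.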
