Best practice SecureString and pswd collection

Using .NET 2 managed code only, what is the best that can be done security-wise in collecting a password from the user (as console or some pswd control dialog) and passing to a function (like X509Certificate.Import) which can accept a SecureString?

What about pinvoking to access a secure password dialog input? Going out of managed code, but does this remove immutable string input?

- Mitch


Hello,

you can use the CredUIPromptForCredential function.

If you google for this, you will find plenty of implementations. I've one on my website, too :-)

http://www.infinitec.de/software/nettoolbox/infinitec.security.aspx

Greetings,
Henning Krause

"Mitch Gallant" <jensigner@community.nospam> wrote in message news:u4kfYDAVGHA.1868@TK2MSFTNGP09.phx.gbl...
> <snip>


Hi Henning,
Yup .. I'm already aware of pinvoking like that .. looked at 2 references herein:

http://groups.google.com/group/microsoft.public.dotnet.languages.csharp/browse_thread/thread/156736d67df0b2e9/7d58cd0be12e5d4c

But there should obviously be a managed simplified wrapper fn which simplifies this procedure. Should be a nice simple .net implementation to prompt a user for providing a pswd which securely manages the memory of the string and returns a SecureString to be used by (granted few) functions that accept a SecureString arg.

Cheers,
- Mitch Gallant

"Henning Krause [MVP]" <newsgroups.rem***@this.infinitec.de> wrote in message news:OK%232%23rAVGHA.328@TK2MSFTNGP11.phx.gbl...
> <snip>


Hello,
my implementation is a CommonDialog, which can be dragged on a form and invoked easily...

Greetings,
Henning Krause

"Mitch Gallant" <jensigner@community.nospam> wrote in message news:epVpt$AVGHA.328@TK2MSFTNGP11.phx.gbl...
> <snip>


Thanks Henning. Good article.
I'm looking for some commentary from MS on this also .. to see what plans exist to implement secured credentials prompting in future .NET releases.

Trying to dig into the api used in the generic IE export to pfx and the pswd dialog that is used there (probably some internal fn based on CredUIPromptForCredential). I'm updating the keypal.exe .NET tool to include pfx exportation, so am idling on how to implement the pswd prompting :-)

Cheers,
- Mitch Gallant
MVP Security
jensign.com

"Henning Krause [MVP]" <newsgroups.rem***@this.infinitec.de> wrote in message news:%23V%23TFEBVGHA.4900@TK2MSFTNGP12.phx.gbl...
> <snip>


Hello Mitch,
you're right.. this should have been in .NET 2.0. Along with broader usage of the SecureString class (SqlConnection, etc.)

Henning Krause

"Mitch Gallant" <jensigner@community.nospam> wrote in message news:%23geuaKBVGHA.5496@TK2MSFTNGP11.phx.gbl...
> <snip>


Hi,
there will be more classes that use SecureString in .NET 3.0

Avalon (WinFX) contains a Password Textbox that returns a SecureString - not sure if SS is used anywhere in WCF or WF

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

> <snip>


Just noticed that there's a useful .NET 2 sdk SecureString console sample app:
http://msdn2.microsoft.com/en-us/library/07b9wyhy.aspx
which uses a lot of the greatly expanded Console capability .. to parse single keystrokes. The sample has some other useful parts; interesting title:

Console.Title = "Fanatical Health Entry System";

The basic code for building the SecureString from keystrokes is:
----------------------
SecureString password = new SecureString();
ConsoleKeyInfo cki;
// read one keystroke at a time (not echoed) until Enter is pressed
while ((cki = Console.ReadKey(true)).Key != ConsoleKey.Enter)
    password.AppendChar(cki.KeyChar);
-----------------------

By comparison, this is the simpler approach:
-----------------
String pswdstr = Console.ReadLine();
Char[] chars = pswdstr.ToCharArray();
SecureString password = new SecureString();

for (int i = 0; i < chars.Length; i++)
    password.AppendChar(chars[i]);
-------------------

From a security perspective, are these equivalent? i.e. does the ConsoleKeyInfo actually expose any string content related to the clicked key characters that is immutable?

- Mitch Gallant
MVP Security

"Dominick Baier [DevelopMentor]" <dbaier@pleasepleasenospamdevelop.com> wrote in message news:4580be631990f78c822462bcefa3a@news.microsoft.com...
> <snip>


Hello Mitch,
> String pswdstr = Console.ReadLine();
> Char[] chars = pswdstr.ToCharArray() ;
> SecureString password = new SecureString();

This way, you again have the password in string representation, and you don't know when that instance is garbage collected.

Greetings,
Henning Krause

"Mitch Gallant" <jensigner@community.nospam> wrote in message news:O5Wyo8HVGHA.5332@TK2MSFTNGP10.phx.gbl...
> <snip>


Yes I know this. I was wondering about the other implementation
(with ConsoleKeyInfo class) which looks like a safe way to get user data into the SecureString object.

- Mitch

"Henning Krause [MVP]" <newsgroups.rem***@this.infinitec.de> wrote in message news:O3xusXIVGHA.1728@TK2MSFTNGP11.phx.gbl...
> <snip>


Hello Mitch,
you asked whether the two implementations are equivalent. And I would say no, because ConsoleKeyInfo just keeps one char in it's structure. There is never a string exposed. So I would assume this as a (relatively) safe way to get the password. Another option here would again be the Credential API: CredUICmdLinePromptForCredentials. Unfortunately, this version is not as configurable as the CredUIPromptForCredential method. Greetings, Henning Krause Show quoteHide quote "Mitch Gallant" <jensigner@community.nospam> wrote in message news:eldvRlLVGHA.4660@tk2msftngp13.phx.gbl... > Yes I know this. I was wondering about the other implementation > (with ConsoleKeyInfo class) which looks like a safe way to get > user data into the SecureString object. > > - Mitch > > "Henning Krause [MVP]" <newsgroups.rem***@this.infinitec.de> wrote in > message news:O3xusXIVGHA.1728@TK2MSFTNGP11.phx.gbl... >> Hello Mitch, >> >>> String pswdstr = Console.ReadLine(); >>> Char[] chars = pswdstr.ToCharArray() ; >>> SecureString password = new SecureString(); >> >> This way, you again have the password in string representation, and you >> don't know when that instance is garbage collected. >> >> Greetings, >> Henning Krause >> >> "Mitch Gallant" <jensigner@community.nospam> wrote in message >> news:O5Wyo8HVGHA.5332@TK2MSFTNGP10.phx.gbl... >>> Just noticed that there's a useful .NET 2 sdk SecureString console >>> sample app: >>> http://msdn2.microsoft.com/en-us/library/07b9wyhy.aspx >>> which uses a lot of the greatly expanded Console capability .. to parse >>> single >>> keystrokes. The sample has some other useful parts; interesting title: >>> >>> Console.Title = "Fanatical Health Entry System"; >>> >>> The basic code for building the SecureString from keystrokes is: >>> ---------------------- >>> SecureString password = new SecureString(); >>> .. >>> ConsoleKeyInfo cki = Console.ReadKey(true); >>> ... 
>>> password.AppendChar(cki.KeyChar);
>>> -----------------------
>>>
>>>
>>> By comparison, this is the simpler approach:
>>> -----------------
>>> String pswdstr = Console.ReadLine();
>>> Char[] chars = pswdstr.ToCharArray() ;
>>> SecureString password = new SecureString();
>>>
>>> for(int i = 0; i <= chars.Length - 1; i++)
>>> password.AppendChar(chars[i]) ;
>>> -------------------
>>>
>>> From a security perspective, are these equivalent? i.e. does the
>>> ConsoleKeyInfo actually expose any string content related to
>>> the clicked key characters that is immutable?
>>>
>>> - Mitch Gallant
>>> MVP Security
>>>
>>> "Dominick Baier [DevelopMentor]" <dbaier@pleasepleasenospamdevelop.com>
>>> wrote in message
>>> news:4580be631990f78c822462bcefa3a@news.microsoft.com...
>>>> Hi,
>>>> there will be more classes that use SecureString in .NET 3.0
>>>>
>>>> Avalon (WinFX) contains a Password Textbox that returns a
>>>> SecureString - not sure if SS is used anywhere in WCF or WF
>>>>
>>>> ---------------------------------------
>>>> Dominick Baier - DevelopMentor
>>>> http://www.leastprivilege.com
>>>>
>>>>> Thanks Henning. Good article.
>>>>>
>>>>> I'm looking for some commentary from MS on this also .. to see what
>>>>> plans exist to implement secured credentials prompting in future .NET
>>>>> releases.
>>>>>
>>>>> Trying to dig into the api used in the generic IE export to pfx
>>>>> and the pswd dialog that is used there (probably some internal
>>>>> fn based on CredUIPromptForCredential ).
>>>>> I'm updating the keypal.exe .NET tool to include pfx exportation,
>>>>> so am idling on how to implement the pswd prompting :-)
>>>>> Cheers,
>>>>> - Mitch Gallant
>>>>> MVP Security
>>>>> jensign.com
>>>>> "Henning Krause [MVP]" <newsgroups.rem***@this.infinitec.de> wrote in
>>>>> message news:%23V%23TFEBVGHA.4900@TK2MSFTNGP12.phx.gbl...
>>>>>
>>>>>> Hello,
>>>>>>
>>>>>> my implementation is a CommonDialog, which can be dragged on a form
>>>>>> and invoked easily...
>>>>>>
>>>>>> Greetings,
>>>>>> Henning Krause
>>>>>> "Mitch Gallant" <jensigner@community.nospam> wrote in message
>>>>>> news:epVpt$AVGHA.328@TK2MSFTNGP11.phx.gbl...
>>>>>>
>>>>>>> Hi Henning,
>>>>>>>
>>>>>>> Yup .. I'm already aware of pinvoking like that .. looked at 2
>>>>>>> references herein:
>>>>>>>
>>>>>>> http://groups.google.com/group/microsoft.public.dotnet.languages.csharp/browse_thread/thread/156736d67df0b2e9/7d58cd0be12e5d4c
>>>>>>>
>>>>>>> But there should obviously be a managed simplified wrapper fn which
>>>>>>> simplifies this procedure. Should be a nice simple .net implementation
>>>>>>> to prompt a user for providing a pswd which securely manages the memory of
>>>>>>> the string and returns a SecureString to be used by (granted few)
>>>>>>> functions that accept a SecureString arg.
>>>>>>> Cheers,
>>>>>>> - Mitch Gallant
>>>>>>> "Henning Krause [MVP]" <newsgroups.rem***@this.infinitec.de> wrote
>>>>>>> in message news:OK%232%23rAVGHA.328@TK2MSFTNGP11.phx.gbl...
>>>>>>>
>>>>>>>> Hello,
>>>>>>>>
>>>>>>>> you can use the CredUIPromptForCredential function.
>>>>>>>>
>>>>>>>> If you google for this, you will find plenty of implementations.
>>>>>>>> I've one on my website, too :-)
>>>>>>>>
>>>>>>>> http://www.infinitec.de/software/nettoolbox/infinitec.security.aspx
>>>>>>>>
>>>>>>>> Greetings,
>>>>>>>> Henning Krause
>>>>>>>> "Mitch Gallant" <jensigner@community.nospam> wrote in message
>>>>>>>> news:u4kfYDAVGHA.1868@TK2MSFTNGP09.phx.gbl...
>>>>>>>>
>>>>>>>>> Using .NET 2 managed code only, what is the best that can be done
>>>>>>>>> security-wise in collecting a password from the user (as console
>>>>>>>>> or some pswd control dialog) and passing to a function (like
>>>>>>>>> X509Certificate.Import) which can accept a SecureString?
>>>>>>>>>
>>>>>>>>> What about pinvoking to access a secure password dialog input?
>>>>>>>>> Going out of managed code, but does this remove immutable string
>>>>>>>>> input ?
>>>>>>>>>
>>>>>>>>> - Mitch

OK, this covers it pretty well.
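The keystroke-at-a-time approach from the SDK sample quoted above, written out as a complete console prompt. This is an added example and not code from the thread or the SDK: it handles Backspace by removing the last char from the SecureString, ignores non-printing keys, marks the result read-only, and passes it to the X509Certificate2 constructor that accepts a SecureString, so no immutable System.String copy of the password is ever created. The file name "mycert.pfx" is a placeholder.

```csharp
using System;
using System.Security;
using System.Security.Cryptography.X509Certificates;

// Added example (not from the thread): build a SecureString directly from
// Console.ReadKey so the password never exists as a managed System.String.
static class SecurePrompt
{
    public static SecureString ReadPassword(string prompt)
    {
        Console.Write(prompt);
        SecureString password = new SecureString();
        while (true)
        {
            // intercept: true keeps the typed character off the screen
            ConsoleKeyInfo cki = Console.ReadKey(true);
            if (cki.Key == ConsoleKey.Enter)
                break;
            if (cki.Key == ConsoleKey.Backspace)
            {
                if (password.Length > 0)
                {
                    password.RemoveAt(password.Length - 1);
                    Console.Write("\b \b"); // erase the mask character
                }
                continue;
            }
            // arrows, function keys etc. report KeyChar == '\0'; skip them
            if (cki.KeyChar == '\0')
                continue;
            password.AppendChar(cki.KeyChar);
            Console.Write('*');
        }
        Console.WriteLine();
        password.MakeReadOnly(); // any further AppendChar/RemoveAt throws
        return password;
    }

    static void Main()
    {
        // "mycert.pfx" is a placeholder path for this example
        using (SecureString pfxPassword = ReadPassword("PFX password: "))
        {
            // X509Certificate2 offers (string fileName, SecureString password),
            // so the secret is handed over without a string round trip
            X509Certificate2 cert = new X509Certificate2("mycert.pfx", pfxPassword);
            Console.WriteLine(cert.Subject);
        } // Dispose zeroes and frees the SecureString's unmanaged buffer
    }
}
```

As the thread notes, this only avoids the managed-string copy; once the SecureString is decrypted for use by the callee, the plaintext is briefly in process memory again.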
Couldn't resist showing what this GUI looks like (for that sample referred to below) .. sorry for html image :-)
Kind of reminds you of the good ole DOS games-days eh?

- Mitch

"Henning Krause [MVP]" <newsgroups.rem***@this.infinitec.de> wrote in message news:u3Dg%23sLVGHA.4384@tk2msftngp13.phx.gbl...
> Hello Mitch,
>
> you asked whether the two implementations are equivalent. And I would say
> no, because ConsoleKeyInfo just keeps one char in its structure.
>
> There is never a string exposed. So I would assume this as a (relatively)
> safe way to get the password.
>
> Another option here would again be the Credential API:
> CredUICmdLinePromptForCredentials. Unfortunately, this version is not as
> configurable as the CredUIPromptForCredential method.
>
> Greetings,
> Henning Krause
>
> "Mitch Gallant" <jensigner@community.nospam> wrote in message
> news:eldvRlLVGHA.4660@tk2msftngp13.phx.gbl...
>> Yes I know this. I was wondering about the other implementation
>> (with ConsoleKeyInfo class) which looks like a safe way to get
>> user data into the SecureString object.
>>
>> - Mitch
>>
>> "Henning Krause [MVP]" <newsgroups.rem***@this.infinitec.de> wrote in
>> message news:O3xusXIVGHA.1728@TK2MSFTNGP11.phx.gbl...
>>> Hello Mitch,
>>>
>>>> String pswdstr = Console.ReadLine();
>>>> Char[] chars = pswdstr.ToCharArray() ;
>>>> SecureString password = new SecureString();
>>>
>>> This way, you again have the password in string representation, and you
>>> don't know when that instance is garbage collected.
>>>
>>> Greetings,
>>> Henning Krause
>>>
>>> "Mitch Gallant" <jensigner@community.nospam> wrote in message
>>> news:O5Wyo8HVGHA.5332@TK2MSFTNGP10.phx.gbl...
>>>> Just noticed that there's a useful .NET 2 sdk SecureString console
>>>> sample app:
>>>> http://msdn2.microsoft.com/en-us/library/07b9wyhy.aspx
>>>> which uses a lot of the greatly expanded Console capability .. to parse
>>>> single keystrokes. The sample has some other useful parts; interesting title:
>>>>
>>>> Console.Title = "Fanatical Health Entry System";
>>>>
>>>> The basic code for building the SecureString from keystrokes is:
>>>> ----------------------
>>>> SecureString password = new SecureString();
>>>> ..
>>>> ConsoleKeyInfo cki = Console.ReadKey(true);
>>>> ...
>>>> password.AppendChar(cki.KeyChar);
>>>> -----------------------
>>>>
>>>>
>>>> By comparison, this is the simpler approach:
>>>> -----------------
>>>> String pswdstr = Console.ReadLine();
>>>> Char[] chars = pswdstr.ToCharArray() ;
>>>> SecureString password = new SecureString();
>>>>
>>>> for(int i = 0; i <= chars.Length - 1; i++)
>>>> password.AppendChar(chars[i]) ;
>>>> -------------------
>>>>
>>>> From a security perspective, are these equivalent? i.e. does the
>>>> ConsoleKeyInfo actually expose any string content related to
>>>> the clicked key characters that is immutable?
>>>>
>>>> - Mitch Gallant
>>>> MVP Security
>>>>
>>>> "Dominick Baier [DevelopMentor]" <dbaier@pleasepleasenospamdevelop.com>
>>>> wrote in message
>>>> news:4580be631990f78c822462bcefa3a@news.microsoft.com...
>>>>> Hi,
>>>>> there will be more classes that use SecureString in .NET 3.0
>>>>>
>>>>> Avalon (WinFX) contains a Password Textbox that returns a
>>>>> SecureString - not sure if SS is used anywhere in WCF or WF
>>>>>
>>>>> ---------------------------------------
>>>>> Dominick Baier - DevelopMentor
>>>>> http://www.leastprivilege.com
>>>>>
>>>>>> Thanks Henning. Good article.
>>>>>>
>>>>>> I'm looking for some commentary from MS on this also .. to see what
>>>>>> plans exist to implement secured credentials prompting in future .NET
>>>>>> releases.
>>>>>>
>>>>>> Trying to dig into the api used in the generic IE export to pfx
>>>>>> and the pswd dialog that is used there (probably some internal
>>>>>> fn based on CredUIPromptForCredential ).
>>>>>> I'm updating the keypal.exe .NET tool to include pfx exportation,
>>>>>> so am idling on how to implement the pswd prompting :-)
>>>>>> Cheers,
>>>>>> - Mitch Gallant
>>>>>> MVP Security
>>>>>> jensign.com
>>>>>> "Henning Krause [MVP]" <newsgroups.rem***@this.infinitec.de> wrote in
>>>>>> message news:%23V%23TFEBVGHA.4900@TK2MSFTNGP12.phx.gbl...
>>>>>>
>>>>>>> Hello,
>>>>>>>
>>>>>>> my implementation is a CommonDialog, which can be dragged on a form
>>>>>>> and invoked easily...
>>>>>>>
>>>>>>> Greetings,
>>>>>>> Henning Krause
>>>>>>> "Mitch Gallant" <jensigner@community.nospam> wrote in message
>>>>>>> news:epVpt$AVGHA.328@TK2MSFTNGP11.phx.gbl...
>>>>>>>
>>>>>>>> Hi Henning,
>>>>>>>>
>>>>>>>> Yup .. I'm already aware of pinvoking like that .. looked at 2
>>>>>>>> references herein:
>>>>>>>>
>>>>>>>> http://groups.google.com/group/microsoft.public.dotnet.languages.csharp/browse_thread/thread/156736d67df0b2e9/7d58cd0be12e5d4c
>>>>>>>>
>>>>>>>> But there should obviously be a managed simplified wrapper fn which
>>>>>>>> simplifies this procedure. Should be a nice simple .net implementation
>>>>>>>> to prompt a user for providing a pswd which securely manages the memory of
>>>>>>>> the string and returns a SecureString to be used by (granted few)
>>>>>>>> functions that accept a SecureString arg.
>>>>>>>> Cheers,
>>>>>>>> - Mitch Gallant
>>>>>>>> "Henning Krause [MVP]" <newsgroups.rem***@this.infinitec.de> wrote
>>>>>>>> in message news:OK%232%23rAVGHA.328@TK2MSFTNGP11.phx.gbl...
>>>>>>>>
>>>>>>>>> Hello,
>>>>>>>>>
>>>>>>>>> you can use the CredUIPromptForCredential function.
>>>>>>>>>
>>>>>>>>> If you google for this, you will find plenty of implementations.
>>>>>>>>> I've one on my website, too :-)
>>>>>>>>>
>>>>>>>>> http://www.infinitec.de/software/nettoolbox/infinitec.security.aspx
>>>>>>>>>
>>>>>>>>> Greetings,
>>>>>>>>> Henning Krause
>>>>>>>>> "Mitch Gallant" <jensigner@community.nospam> wrote in message
>>>>>>>>> news:u4kfYDAVGHA.1868@TK2MSFTNGP09.phx.gbl...
>>>>>>>>>
>>>>>>>>>> Using .NET 2 managed code only, what is the best that can be done
>>>>>>>>>> security-wise in collecting a password from the user (as console
>>>>>>>>>> or some pswd control dialog) and passing to a function (like
>>>>>>>>>> X509Certificate.Import) which can accept a SecureString?
>>>>>>>>>>
>>>>>>>>>> What about pinvoking to access a secure password dialog input?
>>>>>>>>>> Going out of managed code, but does this remove immutable string
>>>>>>>>>> input ?
>>>>>>>>>>
>>>>>>>>>> - Mitch

Hi,
I believe that SecureString is actually overrated. All it can protect against is side channel attacks, i.e. the password being exposed by:

a. the adversary being able to read the memory of your process.
b. the adversary being able to read the page file when the memory page containing the password is paged to the file.
c. much more advanced, processor-dependent and quite unrealistic attacks, like measuring cache line re-initialization delays and correlating them to the clear text password.

But the bottom line is: the adversary either has to have a highly privileged process or physical access to your computer. Protecting the password in this threat model is kind of a misnomer. If someone can read the page file by booting from separate media, what stops them from changing your password, or injecting a new local account, or just plain reading all the secrets from your hard disk? You say full volume encryption, but in this case the page file will be encrypted as well and the secure string gives you nothing... And if someone has access to your process memory, then the secure string is not going to protect your password either, because in the latter case it is possible to recover the encryption key which is used for encrypting the password. It probably would not be a trivial attack, but it is still possible (think for example of a debugger's breakpoint on memory access).

The thing is that SecureString takes its origin from the mid-90s, when someone reported that Windows NT stores clear text passwords on the hard disk... which appeared to be just the page file... and to access this page file one had to boot from a separate disk (it was a floppy disk at that time)... and to reproduce that one had to cut off the power of the Windows NT box at a precise point in time... A very unrealistic attack scenario! But nevertheless it caused a lot of noise, including publication in the big news media and newspapers. Since then Microsoft started to encrypt passwords in memory and that grew into the SecureString of today.
Secure string could only mean something if Windows supported mandatory access control and a set of protective features similar to the IBM 4758 cryptographic processor (see http://www-03.ibm.com/security/cryptocards/ ). But we all know it is never going to happen (it simply is unreasonable to expect that level of protection without reliance on highly customized and extremely expensive hardware).

-Valery.
http://www.harper.no/valery

"Mitch Gallant" <jensigner@community.nospam> wrote in message news:O5Wyo8HVGHA.5332@TK2MSFTNGP10.phx.gbl...
> Just noticed that there's a useful .NET 2 sdk SecureString console sample
> app:
> http://msdn2.microsoft.com/en-us/library/07b9wyhy.aspx
> which uses a lot of the greatly expanded Console capability .. to parse
> single keystrokes. The sample has some other useful parts; interesting title:
>
> Console.Title = "Fanatical Health Entry System";
>
> The basic code for building the SecureString from keystrokes is:
> ----------------------
> SecureString password = new SecureString();
> ..
> ConsoleKeyInfo cki = Console.ReadKey(true);
> ...
> password.AppendChar(cki.KeyChar);
> -----------------------
>
>
> By comparison, this is the simpler approach:
> -----------------
> String pswdstr = Console.ReadLine();
> Char[] chars = pswdstr.ToCharArray() ;
> SecureString password = new SecureString();
>
> for(int i = 0; i <= chars.Length - 1; i++)
> password.AppendChar(chars[i]) ;
> -------------------
>
> From a security perspective, are these equivalent? i.e. does the
> ConsoleKeyInfo actually expose any string content related to
> the clicked key characters that is immutable?
>
> - Mitch Gallant
> MVP Security
>
> "Dominick Baier [DevelopMentor]" <dbaier@pleasepleasenospamdevelop.com>
> wrote in message news:4580be631990f78c822462bcefa3a@news.microsoft.com...
>> Hi,
>> there will be more classes that use SecureString in .NET 3.0
>>
>> Avalon (WinFX) contains a Password Textbox that returns a SecureString -
>> not sure if SS is used anywhere in WCF or WF
>>
>> ---------------------------------------
>> Dominick Baier - DevelopMentor
>> http://www.leastprivilege.com
>>
>>> Thanks Henning. Good article.
>>>
>>> I'm looking for some commentary from MS on this also .. to see what
>>> plans exist to implement secured credentials prompting in future .NET
>>> releases.
>>>
>>> Trying to dig into the api used in the generic IE export to pfx
>>> and the pswd dialog that is used there (probably some internal
>>> fn based on CredUIPromptForCredential ).
>>> I'm updating the keypal.exe .NET tool to include pfx exportation,
>>> so am idling on how to implement the pswd prompting :-)
>>> Cheers,
>>> - Mitch Gallant
>>> MVP Security
>>> jensign.com
>>> "Henning Krause [MVP]" <newsgroups.rem***@this.infinitec.de> wrote in
>>> message news:%23V%23TFEBVGHA.4900@TK2MSFTNGP12.phx.gbl...
>>>
>>>> Hello,
>>>>
>>>> my implementation is a CommonDialog, which can be dragged on a form
>>>> and invoked easily...
>>>>
>>>> Greetings,
>>>> Henning Krause
>>>> "Mitch Gallant" <jensigner@community.nospam> wrote in message
>>>> news:epVpt$AVGHA.328@TK2MSFTNGP11.phx.gbl...
>>>>
>>>>> Hi Henning,
>>>>>
>>>>> Yup .. I'm already aware of pinvoking like that .. looked at 2
>>>>> references herein:
>>>>>
>>>>> http://groups.google.com/group/microsoft.public.dotnet.languages.csharp/browse_thread/thread/156736d67df0b2e9/7d58cd0be12e5d4c
>>>>>
>>>>> But there should obviously be a managed simplified wrapper fn which
>>>>> simplifies this procedure. Should be a nice simple .net implementation
>>>>> to prompt a user for providing a pswd which securely manages the memory of
>>>>> the string and returns a SecureString to be used by (granted few)
>>>>> functions that accept a SecureString arg.
>>>>> Cheers,
>>>>> - Mitch Gallant
>>>>> "Henning Krause [MVP]" <newsgroups.rem***@this.infinitec.de> wrote
>>>>> in message news:OK%232%23rAVGHA.328@TK2MSFTNGP11.phx.gbl...
>>>>>
>>>>>> Hello,
>>>>>>
>>>>>> you can use the CredUIPromptForCredential function.
>>>>>>
>>>>>> If you google for this, you will find plenty of implementations.
>>>>>> I've one on my website, too :-)
>>>>>>
>>>>>> http://www.infinitec.de/software/nettoolbox/infinitec.security.aspx
>>>>>>
>>>>>> Greetings,
>>>>>> Henning Krause
>>>>>> "Mitch Gallant" <jensigner@community.nospam> wrote in message
>>>>>> news:u4kfYDAVGHA.1868@TK2MSFTNGP09.phx.gbl...
>>>>>>
>>>>>>> Using .NET 2 managed code only, what is the best that can be done
>>>>>>> security-wise in collecting a password from the user (as console
>>>>>>> or some pswd control dialog) and passing to a function (like
>>>>>>> X509Certificate.Import) which can accept a SecureString?
>>>>>>>
>>>>>>> What about pinvoking to access a secure password dialog input?
>>>>>>> Going out of managed code, but does this remove immutable string
>>>>>>> input ?
>>>>>>>
>>>>>>> - Mitch