I am not sure if you need unsafe code in that case (see answer of @mybirthname). But when unsafe code is needed, it can be enabled in Project properties. In the main menu, click Project and then <ProjectName> properties… Click on the Build page. Select Allow unsafe code. Or one can specify /unsafe compiler option … Read more
I’m quoting from an article about the DPAPI which is used to derive the key. This should answer most questions that you have about SecureString. And yes, SecureString has drawbacks and is not completely secure, there are ways to access to data, for example, injecting Hawkeye into the process is mentioned on MSDN as a … Read more
$Password is a Securestring, and this will return the plain text password. [Runtime.InteropServices.Marshal]::PtrToStringAuto([Runtime.InteropServices.Marshal]::SecureStringToBSTR($Password))
This doesn’t have unsafe blocks and won’t display the password in plaintext: public static bool IsEqualTo(this SecureString ss1, SecureString ss2) { IntPtr bstr1 = IntPtr.Zero; IntPtr bstr2 = IntPtr.Zero; try { bstr1 = Marshal.SecureStringToBSTR(ss1); bstr2 = Marshal.SecureStringToBSTR(ss2); int length1 = Marshal.ReadInt32(bstr1, -4); int length2 = Marshal.ReadInt32(bstr2, -4); if (length1 == length2) { for (int x … Read more
As you correctly deduced, and others already mentioned, it makes little sense to use SecureString to store security-sensitive data that comes from an ASP.NET form, because that data is already present in memory in plain text. There are other scenarios, however, where the use of SecureString is recommended, because the sensitive data is created by … Read more
The simplest approach is to iterate over the source string and append one character at a time to the secure string, like so: var secure = new SecureString(); foreach (char c in textbox1.Text) { secure.AppendChar(c); }
Just use NetworkCredential. It has the conversion logic built-in. SecureString ss = new NetworkCredential(“”, “fizzbuzz”).SecurePassword; As others have noted, all of these techniques strip the security benefits of SecureString, but in certain situations (such as unit tests) this may be acceptable. Update: As noted in the comments, NetworkCredential can also be used to convert a … Read more
You are close, but the parameter you pass to SecureStringToBSTR must be a SecureString. You appear to be passing the result of ConvertFrom-SecureString, which is an encrypted standard string. So call ConvertTo-SecureString on this before passing to SecureStringToBSTR. $SecurePassword = ConvertTo-SecureString $PlainPassword -AsPlainText -Force $BSTR = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($SecurePassword) $UnsecurePassword = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($BSTR) [Runtime.InteropServices.Marshal]::ZeroFreeBSTR($BSTR)
There is also another way to convert between SecureString and String. 1. String to SecureString SecureString theSecureString = new NetworkCredential(“”, “myPass”).SecurePassword; 2. SecureString to String string theString = new NetworkCredential(“”, theSecureString).Password; Here is the link
Try crypto.randomBytes(): require(‘crypto’).randomBytes(48, function(err, buffer) { var token = buffer.toString(‘hex’); }); The ‘hex’ encoding works in node v0.6.x or newer.