Menu
I have a c# byte[] containing sensitive data. What is the best way to clear it? How do I ensure that something like Array.Clear will not be optimized away?
817
You can use a cloth or stiff brush. Then, remove the plug or cap from the access point (the T-shaped vent) and slowly pour either 1 cup of distilled vinegar or 1 cup of bleach solution into the drain line. Wait for 10 minutes to 1 hour for the blockage to be dissolved, depending on the severity of the clog.
Pour a cup of white distilled vinegar into the pipe vent access point. Cleaning the condensate drain with vinegar will kill bacteria, algae, and mold inside of it. Leave the vinegar to sit for several hours before you pour water into the access point to flush out the drain line.
In high humidity areas, homeowners will have to drain the portable AC every few hours (2 to 8 hours, in general). In other areas, you have to drain the unit once per day or every few days.
The most important maintenance task that will ensure the efficiency of your air conditioner is to routinely replace or clean its filters. Clogged, dirty filters reduce the amount of airflow and significantly reduce a system's efficiency.
I cannot think of any circumstance in which a call to Array.Clear would ever be optimized away and even if it could it would only be optimized away in instances where your byte[] was cleared already.
Edit: Something else to consider would be finding out if the framework's SecureString implementation would be useful in your situation:
A
SecureStringobject is similar to aStringobject in that it has a text value. However, the value of a SecureString object is automatically encrypted, can be modified until your application marks it as read-only, and can be deleted from computer memory by either your application or the .NET Framework garbage collector
110
Even if Array.Clear is guarenteed to be executed (not optimized away) I think you still may have a problem. The GC can move objects around in the heap and there is no guarentee that traces of the original byte will linger if it was moved from one location to another before Array.Clear was called.
You may want to check out SecureString, ProtectedData, or ProtectedMemory. But, if you want a more manual approach I think you are going to have to at least pin the byte array so that the GC cannot move it around. I believe the SecureString uses this trick as well.
28
A trick that works with most C compilers is to do something like sum all the elements of the cleared array, and then do something with that sum, like print it or xor it with your return value. That way the dead code elimination won't eliminate the clearing of the array.
That said, are you sure that you only need to clear this array? Consider all the other places where the value may also have existed: a buffer in a form, string objects being passed around, key equivalent values in intermediate calculations, or paged out to disk. Zeroizing this one array only gets you 1% of the way there. You have to clear the entire key path.
39
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
