
Common Practice regarding Passwords in Memory

I am writing a .NET (C#) Windows application to store user passwords in it, like KeePass, LastPass, RoboForm etc.

To process the user data I have to keep it in memory; this data also contains passwords of the user.

Now my questions are:

  1. Can someone read the memory data using some tool or memory dump?
  2. If yes, then how? Can someone share such a tool? I tried the CurrProcess, HeapViewer, ProcessExplorer and ProcessView applications but can't find any private data in the memory dump.
  3. Do I need to learn something else to ensure the protection of in-memory passwords?

Thanks

Mubashar asked Feb 02 '11 10:02



1 Answer

You are correct in your concerns, strings in memory are not safe.

You're probably looking for the SecureString class.

Kobi answered Oct 06 '22 22:10
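As an added example (not code from the question or from Kobi's answer), this shows the SecureString pattern the answer points to: the password never becomes a System.String, and two entries are compared through short-lived unmanaged buffers that are zeroed in a finally block. The names SecretDemo, FromChars and SecureEquals and the sample characters are constructed for illustration.

```csharp
using System;
using System.Runtime.InteropServices;
using System.Security;

static class SecretDemo
{
    // Build the SecureString one character at a time, then wipe the source array.
    // In a real UI the characters come per keystroke, e.g. Console.ReadKey(true).
    static SecureString FromChars(char[] typed)
    {
        var secret = new SecureString();
        foreach (char c in typed) secret.AppendChar(c);
        secret.MakeReadOnly();
        Array.Clear(typed, 0, typed.Length);
        return secret;
    }

    // Compare two secrets without creating a System.String. Plaintext exists only
    // in unmanaged buffers that are zeroed and freed in the finally block.
    static bool SecureEquals(SecureString a, SecureString b)
    {
        IntPtr pa = IntPtr.Zero, pb = IntPtr.Zero;
        try
        {
            pa = Marshal.SecureStringToGlobalAllocUnicode(a);
            pb = Marshal.SecureStringToGlobalAllocUnicode(b);
            int diff = a.Length ^ b.Length;
            int n = Math.Min(a.Length, b.Length);
            for (int i = 0; i < n; i++)   // no early exit on the first mismatch
                diff |= Marshal.ReadInt16(pa, i * 2) ^ Marshal.ReadInt16(pb, i * 2);
            return diff == 0;
        }
        finally
        {
            if (pa != IntPtr.Zero) Marshal.ZeroFreeGlobalAllocUnicode(pa);
            if (pb != IntPtr.Zero) Marshal.ZeroFreeGlobalAllocUnicode(pb);
        }
    }

    static void Main()
    {
        // Constructed sample input; these literals are for the demo only.
        using (SecureString first = FromChars(new[] { 'd', 'e', 'm', 'o', '-', 'p', 'w' }))
        using (SecureString again = FromChars(new[] { 'd', 'e', 'm', 'o', '-', 'p', 'w' }))
        using (SecureString typo = FromChars(new[] { 'd', 'e', 'm', 'o', '-', 'p', 'x' }))
        {
            Console.WriteLine("same entry matches: " + SecureEquals(first, again));
            Console.WriteLine("typo matches:       " + SecureEquals(first, typo));
        }
    }
}
```

SecureString narrows the window in which plaintext sits in memory; a process that can debug or dump this one can still read the buffer while it is in use. For new development on .NET Core and .NET 5+, Microsoft's documentation advises against relying on SecureString.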