How to compare two SecureStrings?

All replies

  • Hi friend,

    Thanks for your post.

    As it's more about using C#, I will move it to the C# forum for you to get a quick and professional answer.

    Best regards,

    Fletcher


    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    Tuesday, June 20, 2017 2:02 AM
  • Hi ComptonAlvaro,

    >>so I am wondering how I should work with SecureStrings.

    A SecureString object is similar to a String object in that it has a text value. However, the value of a SecureString object is pinned in memory, may use a protection mechanism, such as encryption, provided by the underlying operating system, can be modified until your application marks it as read-only, and can be deleted from computer memory either by your application calling the Dispose method or by the .NET Framework garbage collector.

    For the use of SecureStrings, please refer to the MSDN article. There are examples for your reference.

    https://msdn.microsoft.com/en-us/library/system.security.securestring(v=vs.110).aspx

    Best Regards,

    Wendy



    Sunday, June 25, 2017 3:08 PM
  • Yes, I know that if I convert the SecureString to a string I lose the advantages of the SecureString.

    So I would like to know the correct way to compare two SecureStrings.

    Suppose that I have two PasswordBoxes in an application, one to set the password and a second to repeat the password to ensure it is correct. How could I compare the two passwords to know whether they are the same or not? It seems that having a method that compares them is not a good way.

    Thanks.

    Monday, June 26, 2017 7:23 AM
  • If you have an application where the user is typing into a PasswordBox, then at that point the strings are going to be in...a PasswordBox. Where they have just been typed in by the user, one key at a time at the keyboard, and those characters are going to be in the PasswordBox control (concealed from the screen perhaps, but still stored in memory).

    At this point they are not exactly secure and there isn't much you can do about this, and worrying about using SecureStrings at this point is probably pointless.

    Just compare the PasswordBox.Text.

    This is not the intended usage for SecureStrings.

    • Marked as answer by ComptonAlvaro Tuesday, June 27, 2017 9:12 AM
    Monday, June 26, 2017 7:36 AM
  • Then what is the correct usage of the SecureString? I guess all strings come from the keyboard, so at the first point they are never secure. Is there any way to create a SecureString from a secure source?
    Monday, June 26, 2017 7:45 AM
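
The comparison asked about in this thread, as an added example that is not part of any post: it compares two SecureStrings without creating a managed `String`, by decrypting each into an unmanaged BSTR and zeroing both buffers afterwards. `SecureStringComparer`, `Demo` and the sample values are constructed for illustration; in WPF the inputs would come from each `PasswordBox.SecurePassword`.

```csharp
using System;
using System.Runtime.InteropServices;
using System.Security;

static class SecureStringComparer
{
    // True when both SecureStrings hold the same UTF-16 characters.
    public static bool AreEqual(SecureString a, SecureString b)
    {
        if (a == null) throw new ArgumentNullException(nameof(a));
        if (b == null) throw new ArgumentNullException(nameof(b));
        IntPtr pa = IntPtr.Zero, pb = IntPtr.Zero;
        try
        {
            // Plaintext exists only in unmanaged memory, which the GC never copies.
            pa = Marshal.SecureStringToBSTR(a);
            pb = Marshal.SecureStringToBSTR(b);
            // Accumulate differences instead of returning early, so the loop
            // does not stop at the first mismatching character.
            int diff = a.Length ^ b.Length;
            int n = Math.Min(a.Length, b.Length);
            for (int i = 0; i < n; i++)
                diff |= Marshal.ReadInt16(pa, i * 2) ^ Marshal.ReadInt16(pb, i * 2);
            return diff == 0;
        }
        finally
        {
            // Overwrite the plaintext copies before releasing them.
            if (pa != IntPtr.Zero) Marshal.ZeroFreeBSTR(pa);
            if (pb != IntPtr.Zero) Marshal.ZeroFreeBSTR(pb);
        }
    }
}

static class Demo
{
    // Constructed sample input; real code would never start from a literal.
    static SecureString Make(string s)
    {
        var ss = new SecureString();
        foreach (char c in s) ss.AppendChar(c);
        ss.MakeReadOnly();
        return ss;
    }

    static void Main()
    {
        using (var first = Make("sample-1"))
        using (var repeat = Make("sample-1"))
        using (var typo = Make("sample-2"))
        {
            Console.WriteLine(SecureStringComparer.AreEqual(first, repeat));
            Console.WriteLine(SecureStringComparer.AreEqual(first, typo));
        }
    }
}
```

The plaintext still exists in unmanaged memory for the duration of the call, so this narrows the exposure window rather than removing it.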