Use of Secure String

Hello, I am maintaining some asp.net C# code. The code works with peoples passwords, and so I want the passwords to be secure. The code was originally written so that the passwords are stored using the C# String data type. So recently what I decided to do was to change the passwords to a Secure String data type instead of the simple String data type. I thought this would be an easy process, however from what I can understand in reading about SecureString, is that it is more of a data type that is used for encrypting a string. Here is a good article online where a fellow uses the secure string class. Have any experts had any experience with using this class? would you recommend it? Am I correct in my opinion that secure string is basically a way of securely encrypting strings?

https://msdn.microsoft.com/en-us/library/system.security.securestring(v=vs.110).aspx


http://www.codeproject.com/Tips/549109/Working-with-SecureString
LVL 2
brgdotnetcontractorAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

AndyAinscowFreelance programmer / ConsultantCommented:
The SecureString class will provide rather more confidentiality than just a string because the contents are encrypted in memory.  My understanding is that it is encrypted by a key generated locally.  In other words (I might be wrong) you can not store/share the value with another PC because that would use a different key to encrypt it.  (re stored using the C# String data type)  Note to view the contents you need to decrypt it and you are back to a string, visible in memory, with the same problems as the original code.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Éric MoreauSenior .Net ConsultantCommented:
check the last part titled "The SecureString class" from my article http://emoreau.com/Entries/Articles/2006/08/Strings-Strings-Strings.aspx
0
brgdotnetcontractorAuthor Commented:
Thank you. Nice article Eric
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
C#

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.