
dotnet security : Passwords and SecureString


dsellers
3/28/2006 11:39:01 AM
I am building a generic Password object for my application and I am thinking
of using an instance of SecureString as the backing value for the Password
instance. However, in order to compare it I have to serialize it to a string.
So I feel like my password object should just auto-hash the password value
given to it and just keep it as a string rather than bothering with a
SecureString.

Thoughts?

Henning Krause [MVP]
3/28/2006 10:08:30 PM
Hello,

if a hash value is enough, it's the best way to go.

On the other hand, if you need the password to authenticate against a server
or something else, you should use the SecureString.

That said, never serialize a SecureString instance to a string. You have
absolutely no control over what happens to that instance, because you cannot
deterministically destroy or overwrite it. Use the Marshal functions to
extract the contents to an unmanaged byte array. You can zero out the array
when you are finished.

I have a helper library on my website that does exactly this - decrypt the
contents of the SecureString instance into a byte array which is locked in
memory. A call to the dispose method will zero-out the byte-array. (See
http://www.infinitec.de/software/nettoolbox/infinitec.security.aspx).

Greetings,
Henning Krause
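An added C# example of the pattern Henning describes (it is not his library and not code from the thread): the SecureString is decrypted into unmanaged memory with the Marshal functions, copied into a pinned managed buffer for hashing, and both copies are zeroed before they are freed, so the plaintext never becomes an immutable System.String. The class and method names (SecurePassword, WithPlaintextBytes) are hypothetical.

```csharp
using System;
using System.Runtime.InteropServices;
using System.Security;
using System.Security.Cryptography;

static class SecurePassword
{
    // Runs 'use' over the UTF-16 bytes of the SecureString, then wipes
    // both the unmanaged copy and the pinned managed copy.
    public static T WithPlaintextBytes<T>(SecureString secret, Func<byte[], T> use)
    {
        IntPtr unmanaged = IntPtr.Zero;
        byte[] managed = new byte[secret.Length * 2];            // UTF-16: two bytes per char
        GCHandle pin = GCHandle.Alloc(managed, GCHandleType.Pinned); // stop the GC from relocating (copying) it
        try
        {
            unmanaged = Marshal.SecureStringToGlobalAllocUnicode(secret); // decrypt into unmanaged memory
            Marshal.Copy(unmanaged, managed, 0, managed.Length);
            return use(managed);
        }
        finally
        {
            if (unmanaged != IntPtr.Zero)
                Marshal.ZeroFreeGlobalAllocUnicode(unmanaged);   // zero the unmanaged block, then free it
            Array.Clear(managed, 0, managed.Length);             // zero the managed copy deterministically
            pin.Free();
        }
    }

    // Store only a digest: the plaintext bytes exist just for the duration of the hash call.
    public static byte[] Hash(SecureString secret)
    {
        return WithPlaintextBytes(secret, bytes =>
        {
            using (SHA256 sha = SHA256.Create())
                return sha.ComputeHash(bytes);
        });
    }

    // Compare digests without leaking, via timing, where the first differing byte is.
    public static bool FixedTimeEquals(byte[] a, byte[] b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
}
```

The plain SHA-256 here only illustrates keeping the plaintext out of a string; for passwords stored at rest, substitute a salted, slow key-derivation function inside the same WithPlaintextBytes callback.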

