问题描述
我有一个函数用户注册忘记密码
,即返回 SecureString的
键入
当我通过这个安全的字符串 Rfc2898DeriveBytes
来生成一个密钥,Visual Studio会显示错误。我有限的知识告诉我,这是因为 Rfc2898DeriveBytes
只接受一个字符串,而不是安全字符串。有没有一种解决方法呢?
//读取终端
Console.Write密码(插入口令 );
securePwd = myCryptography.GetPassword();
//不知道为什么盐这样
字节[] =盐新的字节[] {0×00,0×01,0×02,×03,0×04,0×05,0×06,的0xf1,0XF0初始化,0xEE,为0x21,0x22,}×45;
试
{// PBKDF2标准
Rfc2898DeriveBytes键=新Rfc2898DeriveBytes(securePwd,盐,iterationsPwd);
做一些研究,并寻找在计算器以前的答案后,提 SecureString的
,这个问题的答案几乎肯定是否。只有API的创建者可以接受 SecureString的
和处理它正确内部。 ,而且他们只能做,随着平台的帮助下
如果你 - 作为一个用户 - 可以检索纯文本字符串
,你会抵消大部分摆在首位使用 SecureString的
的优势。它甚至会有点危险的,因为你需要创建安全看代码,这实际上不会是安全的。
I've a function GetPassword
, that returns a SecureString
type.
When I pass this secure string to Rfc2898DeriveBytes
to generate a key, Visual Studio shows an error. My limited knowledge tells me that it is because Rfc2898DeriveBytes
accepts only a string and not a secure string. Is there a workaround to this?
//read the password from terminal
Console.Write("Insert password");
securePwd = myCryptography.GetPassword();
//dont know why the salt is initialized like this
byte[] salt = new byte[] { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0xF1, 0xF0, 0xEE, 0x21, 0x22, 0x45 };
try
{ //PBKDF2 standard
Rfc2898DeriveBytes key = new Rfc2898DeriveBytes(securePwd, salt, iterationsPwd);
After doing some research and looking at previous answers on stackoverflow mentioning SecureString
, that answer is almost certainly: "No". Only the creators of the API can accept SecureString
and handle it correctly internally. And they can only do that with help of the platform.
If you - as a user - could retrieve the plain text String
, you would have negated most of the advantages of using SecureString
in the first place. It would even be a bit dangerous as you would create secure looking code, that would not actually be secure at all.
这篇关于Rfc2898DeriveBytes + PBKDF2 + SecureString的是它可以使用安全字符串而不是一个字符串?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!