问题描述

我有一个函数用户注册忘记密码，即返回 SecureString的键入

当我通过这个安全的字符串 Rfc2898DeriveBytes 来生成一个密钥，Visual Studio会显示错误。我有限的知识告诉我，这是因为 Rfc2898DeriveBytes 只接受一个字符串，而不是安全字符串。有没有一种解决方法呢？

  //读取终端
 Console.Write密码（插入口令 ）; 
 securePwd = myCryptography.GetPassword（）; 
 
 //不知道为什么盐这样
字节[] =盐新的字节[] {0×00，0×01，0×02，×03，0×04，0×05，0×06，的0xf1，0XF0初始化，0xEE，为0x21，0x22，}×45; 
试
 {// PBKDF2标准
 Rfc2898DeriveBytes键=新Rfc2898DeriveBytes（securePwd，盐，iterationsPwd）; 
  

做一些研究，并寻找在计算器以前的答案后，提 SecureString的，这个问题的答案几乎肯定是否。只有API的创建者可以接受 SecureString的和处理它正确内部。 ，而且他们只能做，随着平台的帮助下

如果你 - 作为一个用户 - 可以检索纯文本字符串，你会抵消大部分摆在首位使用 SecureString的的优势。它甚至会有点危险的，因为你需要创建安全看代码，这实际上不会是安全的。

I've a function GetPassword, that returns a SecureString type.

When I pass this secure string to Rfc2898DeriveBytes to generate a key, Visual Studio shows an error. My limited knowledge tells me that it is because Rfc2898DeriveBytes accepts only a string and not a secure string. Is there a workaround to this?

//read the password from terminal
Console.Write("Insert password");
securePwd = myCryptography.GetPassword();

//dont know why the salt is initialized like this
byte[] salt = new byte[] { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0xF1, 0xF0, 0xEE, 0x21, 0x22, 0x45 };
 try
 {   //PBKDF2 standard 
     Rfc2898DeriveBytes key = new Rfc2898DeriveBytes(securePwd, salt, iterationsPwd);

After doing some research and looking at previous answers on stackoverflow mentioning SecureString, that answer is almost certainly: "No". Only the creators of the API can accept SecureString and handle it correctly internally. And they can only do that with help of the platform.

If you - as a user - could retrieve the plain text String, you would have negated most of the advantages of using SecureString in the first place. It would even be a bit dangerous as you would create secure looking code, that would not actually be secure at all.

这篇关于Rfc2898DeriveBytes + PBKDF2 + SecureString的是它可以使用安全字符串而不是一个字符串？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！