Generating a Derived Key from a Password Stored in a SecureString

The Rfc2898DeriveBytes class derives a new cryptographic key from a given string password. As I understand it, this should improve the security of the key data, since you never need to store the key permanently - it can always be obtained from the value known to the user. However, since a string value is required as input, the original password remains in memory until it is GC'd. It seems to me that this is a potential security problem, as dangerous as storing the key itself in the system. The .NET Framework provides a SecureString class for protecting passwords in memory. But Rfc2898DeriveBytes doesn't accept a SecureString.

Is there a way to generate a cryptographic key from a SecureString?

+3




1 answer


What about using SecureString.ToString() when initializing the cryptography class? When the method completes, the return value of .ToString() will no longer be available, right?

Edit: in other words, something like

    var crypto = new Rfc...(secureString.ToString());

-1


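The question asks whether a key can be derived without a managed System.String copy of the password. The following is an added example, not code from the question or the answer above, showing one way to do that in C#: decrypt the SecureString into unmanaged memory with Marshal.SecureStringToGlobalAllocUnicode, copy the characters into pinned scratch buffers, pass the UTF-8 bytes to the static Rfc2898DeriveBytes.Pbkdf2 method, and zero every copy afterwards. It assumes .NET 6 or later (for Rfc2898DeriveBytes.Pbkdf2 and RandomNumberGenerator.GetBytes); the class name SecureKeyDerivation, the DeriveKey method and the demo passphrase are hypothetical. One check worth making before adopting the approach in the answer above: SecureString does not override ToString(), so secureString.ToString() returns the type name "System.Security.SecureString", not the password.

```csharp
using System;
using System.Runtime.InteropServices;
using System.Security;
using System.Security.Cryptography;
using System.Text;

// Added example, not from the original post. Derives a PBKDF2 key from a
// SecureString without ever creating a managed System.String copy of the
// password. Assumes .NET 6 or later (static Rfc2898DeriveBytes.Pbkdf2).
// The class and method names are hypothetical.
static class SecureKeyDerivation
{
    public static byte[] DeriveKey(SecureString password, byte[] salt,
                                   int iterations, int keyLength)
    {
        IntPtr unmanaged = IntPtr.Zero;
        char[] chars = new char[password.Length];
        byte[] utf8 = Array.Empty<byte>();
        // Pin both scratch buffers so the GC cannot relocate them and leave
        // an un-zeroed copy behind when it compacts the heap.
        GCHandle charsPin = GCHandle.Alloc(chars, GCHandleType.Pinned);
        GCHandle utf8Pin = default;
        try
        {
            // Decrypt the SecureString into unmanaged memory (UTF-16, NUL-terminated)
            // and copy the characters into the pinned char[].
            unmanaged = Marshal.SecureStringToGlobalAllocUnicode(password);
            Marshal.Copy(unmanaged, chars, 0, chars.Length);

            // Encode as UTF-8, which is what the string-based Rfc2898DeriveBytes
            // overloads use, so keys stay compatible with existing callers.
            utf8 = new byte[Encoding.UTF8.GetByteCount(chars)];
            utf8Pin = GCHandle.Alloc(utf8, GCHandleType.Pinned);
            Encoding.UTF8.GetBytes(chars, 0, chars.Length, utf8, 0);

            // The static Pbkdf2 method does not retain the password, unlike an
            // Rfc2898DeriveBytes instance, which keeps its copy until Dispose.
            return Rfc2898DeriveBytes.Pbkdf2(utf8, salt, iterations,
                                             HashAlgorithmName.SHA256, keyLength);
        }
        finally
        {
            // Scrub every plaintext copy this method made, then release the buffers.
            CryptographicOperations.ZeroMemory(utf8);
            Array.Clear(chars, 0, chars.Length);
            if (utf8Pin.IsAllocated) utf8Pin.Free();
            charsPin.Free();
            if (unmanaged != IntPtr.Zero) Marshal.ZeroFreeGlobalAllocUnicode(unmanaged);
        }
    }

    static void Main()
    {
        // Constructed demo input. In real code the SecureString is filled one
        // character at a time from console or UI input, never from a literal.
        using var secure = new SecureString();
        foreach (char c in "correct horse battery staple") secure.AppendChar(c);
        secure.MakeReadOnly();

        byte[] salt = RandomNumberGenerator.GetBytes(16);
        const int iterations = 600_000;

        byte[] fromSecure = DeriveKey(secure, salt, iterations, 32);
        // Same derivation via the string overload, only to show the outputs agree.
        byte[] fromString = Rfc2898DeriveBytes.Pbkdf2("correct horse battery staple", salt,
                                                      iterations, HashAlgorithmName.SHA256, 32);

        Console.WriteLine(CryptographicOperations.FixedTimeEquals(fromSecure, fromString)
            ? "keys match" : "keys differ");
    }
}
```

Even with this, the plaintext exists in process memory for the duration of the derivation, so a debugger or memory dump taken at that moment still sees it; the gain is that no long-lived System.String copy is left for the GC to keep around. Two caveats a practitioner should weigh: on .NET Core and .NET 5+ outside Windows, SecureString does not encrypt its contents at all, and Microsoft's documentation recommends against SecureString for new development. The pinned-buffer-and-zero pattern around the derivation is the part that carries over regardless of how the password is held.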