Quiz: Handling Secrets in .Net

By Paladion

February 15, 2006

Which of these is not a good strategy for handling secrets in .Net?

  1. Use SecureZeroMemory to clear secrets in memory
  2. Use aspnet_setreg to encrypt passwords in the registry
  3. Use .Net’s isolated storage to store secrets safely

The answer to the quiz is 3) Use .Net’s isolated storage to store secrets safely.

.Net’s new SecureZeroMemory function, the first choice above, clears secrets in memory safely. Once you have finished using a secret, do not leave it lying in memory, lest it become visible in a crash dump or to other processes on the system. The SecureZeroMemory function is the safe way to clear it. Earlier options, like the ZeroMemory function, used to get optimized away by compilers that noticed the cleared memory location was never used again and so dropped the zeroing. The SecureZeroMemory function, as we discussed in Palisade earlier, ensures that the compiler does not optimize away the call that fills the memory with zeroes.

The second choice relates to aspnet_setreg. When an application has to authenticate itself to the system, it needs to store its password. The problem is that an adversary could also gain access to that password. .Net solves this problem by letting the application store its credentials encrypted in the registry. The aspnet_setreg utility from Microsoft provides a consistent method to encrypt passwords without having to worry about the keys. The Microsoft support article “How to use the ASP.NET utility to encrypt credentials and session state connection strings” gives the steps to encrypt the password.

The third option recommends the use of .Net’s isolated storage to persist secrets - and that’s a bad idea. Isolated storage provides a virtual file system to mobile .Net applications. A user can let an application interact with its isolated storage without worrying about it messing up the file system. The application can only read from and write to the isolated storage and cannot affect anything outside it. But remember that isolated storage is not encrypted storage: the data stored in it can easily be seen with a disk editor. Thus storing secrets in isolated storage is a bad idea.
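The point about isolated storage, as an added example that is not code from the original article: it writes the same constructed secret to isolated storage once as-is and once after encrypting it with DPAPI (`ProtectedData`), then checks what each file holds. It assumes Windows with a reference to `System.Security`; the DPAPI step is a swapped-in mitigation the article does not mention, and the file names and secret are made up for illustration.

```csharp
using System;
using System.IO;
using System.IO.IsolatedStorage;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

static class IsolatedStorageSecretDemo
{
    static void Save(IsolatedStorageFile store, string name, byte[] data)
    {
        using (var fs = new IsolatedStorageFileStream(name, FileMode.Create, store))
            fs.Write(data, 0, data.Length);
    }

    static byte[] Load(IsolatedStorageFile store, string name)
    {
        using (var fs = new IsolatedStorageFileStream(name, FileMode.Open, store))
        using (var ms = new MemoryStream())
        {
            fs.CopyTo(ms);
            return ms.ToArray();
        }
    }

    static void Main()
    {
        // Constructed sample value, not a real credential.
        byte[] secret = Encoding.UTF8.GetBytes("constructed-sample-password");

        using (IsolatedStorageFile store = IsolatedStorageFile.GetUserStoreForAssembly())
        {
            // Weak: isolated storage applies no transformation, so the file
            // under the user profile holds exactly these bytes.
            Save(store, "plain.bin", secret);

            // Hardened: encrypt with DPAPI first; only the blob reaches the disk.
            byte[] blob = ProtectedData.Protect(secret, null, DataProtectionScope.CurrentUser);
            Save(store, "protected.bin", blob);

            bool plainVerbatim = Load(store, "plain.bin").SequenceEqual(secret);
            bool blobVerbatim = Load(store, "protected.bin").SequenceEqual(secret);
            byte[] recovered = ProtectedData.Unprotect(
                Load(store, "protected.bin"), null, DataProtectionScope.CurrentUser);

            Console.WriteLine("plain.bin holds the secret verbatim: " + plainVerbatim);
            Console.WriteLine("protected.bin holds the secret verbatim: " + blobVerbatim);
            Console.WriteLine("DPAPI round trip matches: " + recovered.SequenceEqual(secret));
        }
    }
}
```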
