
I made a simple command-line tool that interfaces with the haveibeenpwned API to check if the given password is safe or not. The problem is that the main function always contains "string[] args". Since strings are immutable, I won't be able to clear the memory after using the password, which is a potentially dangerous security issue. It doesn't seem like there is a way to get the arguments as "char[][]", is there a way to achieve the same memory clearing with that limitation?

Jackson Tarisa
  • Please don't pass it through and expect it from the command line. Request it from the user from the process itself in interactive mode. Also use, for example, [ProtectedMemory with encryption](https://stackoverflow.com/questions/58092320/store-data-securely-in-memory-password-based-encryption/58092585#58092585) and possibly with [compression](https://stackoverflow.com/questions/58050435/how-to-prevent-users-and-other-applications-from-accessing-data-saved-in-a-file/58051400#58051400) –  Aug 31 '21 at 09:36
  • I don't store the password in plain text for a long period of time anyway. As soon as I get it I hash it and at that point I'm ready to throw it away, so I don't think encryption or compression is necessary, but I will try getting it from interactive mode. – Jackson Tarisa Aug 31 '21 at 12:32
  • No matter the "*time*": Passing the password in clear using a command line argument is totally prohibited. It's the same as much worse than emailing it to your new customer –  Aug 31 '21 at 12:43
  • I just said that I didn't need encryption. Not passing it through command line argument seems reasonable (we're in agreement), though your comparison is greatly exaggerated. – Jackson Tarisa Aug 31 '21 at 12:49
  • "*I didn't need encryption*" => Fine ... therefore you don't need to code. –  Aug 31 '21 at 13:37
  • @OlivierRogier Unless you mean that I should encrypt a stream of characters as they come in so that my password never exists in memory in the first place, why would I encrypt a password that I'm going to decrypt on the next line so I can hash it? Even if I encrypted the password one letter at a time for the above reason, I would have to store the plaintext variant for a small amount of time while hashing because I can't hash one letter at a time. In this scenario, I don't see what encryption would do for me, since the plaintext password appears alongside the encrypted version in memory. – Jackson Tarisa Aug 31 '21 at 16:57
  • This is what a [SecureString](https://learn.microsoft.com/en-us/dotnet/api/system.security.securestring?view=net-5.0) tries to handle, but I don't know of any method by which this could be used in a command line. Even if you could use it, there is a lot of discussion about whether there is a real benefit in using SecureString, especially in a short-lived process like yours seems to be. – martinstoeckli Sep 09 '21 at 08:15

0 Answers
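
An added example, not part of the question or its comments: one way to take the password interactively, as the comments suggest, into a `char[]` that can be zeroed once it has been hashed. It assumes the SHA-1 hash that the Pwned Passwords range API uses; `PwnedCheck`, `ReadPassword` and `Sha1Hex` are hypothetical names.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class PwnedCheck
{
    // Read keystrokes without echo into a char[] (never a string) so it can be wiped.
    static char[] ReadPassword(int max = 256)
    {
        var buf = new char[max];
        int len = 0;
        while (true)
        {
            ConsoleKeyInfo key = Console.ReadKey(intercept: true);
            if (key.Key == ConsoleKey.Enter) break;
            if (key.Key == ConsoleKey.Backspace) { if (len > 0) buf[--len] = '\0'; continue; }
            if (key.KeyChar != '\0' && len < max) buf[len++] = key.KeyChar;
        }
        Console.WriteLine();
        var result = new char[len];
        Array.Copy(buf, result, len);
        Array.Clear(buf, 0, buf.Length);   // wipe the oversized working buffer
        return result;
    }

    // Upper-case hex SHA-1 of the UTF-8 password (assumption: the hash the API expects).
    static string Sha1Hex(char[] password)
    {
        byte[] utf8 = new byte[Encoding.UTF8.GetMaxByteCount(password.Length)];
        try
        {
            int n = Encoding.UTF8.GetBytes(password, 0, password.Length, utf8, 0);
            using (var sha1 = SHA1.Create())
                return BitConverter.ToString(sha1.ComputeHash(utf8, 0, n)).Replace("-", "");
        }
        finally { Array.Clear(utf8, 0, utf8.Length); }   // wipe the encoded copy
    }

    static void Main()
    {
        Console.Write("Password: ");
        char[] password = ReadPassword();
        string hash;
        try { hash = Sha1Hex(password); }
        finally { Array.Clear(password, 0, password.Length); }   // plaintext gone here
        // Only the hash remains; its first 5 hex characters form the range query.
        Console.WriteLine($"Hash prefix to query: {hash.Substring(0, 5)}");
    }
}
```

Clearing the arrays narrows the exposure window but does not guarantee that no other copy exists, since the garbage collector may relocate an unpinned array before it is cleared.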