Using SecureString

c# security securestring
Todd Smith picture Todd Smith · Mar 10, 2010 · Viewed 54.7k times · Source

Can this be simplified to a one liner? Feel free to completely rewrite it as long as secureString gets initialized properly.

SecureString secureString = new SecureString ();
foreach (char c in "fizzbuzz".ToCharArray())
{
    secureString.AppendChar (c);
}

Answer

Kevin picture Kevin · Jun 22, 2012

Just use NetworkCredential. It has the conversion logic built-in.

SecureString ss = new NetworkCredential("", "fizzbuzz").SecurePassword;

As others have noted, all of these techniques strip the security benefits of SecureString, but in certain situations (such as unit tests) this may be acceptable.

Update:

As noted in the comments, NetworkCredential can also be used to convert a SecureString back to a string.

string s = new NetworkCredential("", ss).Password;

Related questions

Convert String to SecureString

How to convert String to SecureString?

Read More
Safe use of SecureString for login form

So there's this class that seems very seldom used: SecureString. It's been around since 2.0 at least, and there are a few SO questions on it, but I thought I'd ask my own specific questions: I have a LoginForm; simple WinForms …

Read More
SecureString for storing in memory and presenting passwords? Or something else?

I have been writing a little program for myself using C# that I can use to store my passwords and then retrieve them for viewing/editing. While the passwords are stored to disk in an encrypted format, when they are …

Read More