Isopoh.Cryptography.SecureArray
Advanced tools
A managed class that can hold an array in RAM and zero it on disposal. The code has the capability to throw if it cannot lock the array in RAM or gracefully degrade to merely pinning the memory to prevent the CLR from moving it and risking exposure to other part of the executable.
You can think of the SecureArray sort of like you would think of
SecureString
except that SecureString does crypto (usually -
encryption isn't supported everywhere)
to protect its sensitive data and has windows of vulnerability when it
decrypts the string for use. SecureArray protects its data by locking the
data into RAM to keep it from swapping to disk and also zeroing the buffer when
disposed. So, unlike SecureString, any process with access to your process's
memory will be able to read the data in your SecureArray, but you do not
have to worry about your data persisting anywhere or multiple copies of your
data floating around RAM due to C#'s memory management.
Because it locks the memory into RAM (and at a non-movable-by-the-garbage-collector location), you need to use it as infrequently as possible and for as short a time as possible. RAM secured this way puts stress on the computer as a whole by denying physical RAM for other processes and puts stress on your particular executable by denying freedom to the garbage collector to reduce fragmentation as needed for best performance.
Note: when using SecureArray in the browser (for example, under Blazor or UnoPlatform), the memory cannot be locked into RAM so SecureArray does its best effort to protect the data by zeroing the buffer when it is disposed.
Note similarly: when using SecureArray in a Universal Windows Platform (UWP)
application, I have yet to figure out how to use the supposedly available
VirtualAllocFromApp() system call to lock memory into RAM so SecureArray does
its best effort to protect the data by zeroing the buffer when it is disposed.
Always dispose of your SecureArrays.
The API Documentation at https://mheyman.github.io/Isopoh.Cryptography.Argon2 gets generated automatically upon build. This happens via a dummy C# "Doc" project that uses the DocFx NuGet package to produce the API documentation.
List of people and project that inspired creation of this one:
Isopoh.Cryptography.Argon2 by Michael Heyman is licensed under a Creative Commons Attribution 4.0 International License.
You should be aware that this project is supported solely by me and provided as is.
Go back to the top
FAQs
A managed class that can hold an array in RAM and zero it on disposal. The code has the capability to throw if it cannot lock the array in RAM or gracefully degrade to merely pinning the memory to prevent the CLR from moving it and risking exposure to other part of the executable.
We found that isopoh.cryptography.securearray demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
TC39 advances 11 JavaScript proposals, with two moving to Stage 4, bringing better math, binary APIs, and more features one step closer to the ECMAScript spec.
Research
/Security News
A flawed sandbox in @nestjs/devtools-integration lets attackers run code on your machine via CSRF, leading to full Remote Code Execution (RCE).
Product
Customize license detection with Socket’s new license overlays: gain control, reduce noise, and handle edge cases with precision.
