Disposing variables and objects that contains sensitive data

[C-onze]

I made a class to retrieve sensitive encrypted data from a file.

The class ClassSecret have a ReadOnly Property that return the sensitive data into a Dictionary.
The class DataProtector contains the function to decrypt the encrypted data.

Code:

Imports System.Web.Script.Serialization

Public Class ClassSecret
    Private Shared ReadOnly byteArray As Byte() = {0, 0} 'The sensitive data

    Private Shared ReadOnly Property Secrets As Dictionary(Of String, String)
        Get
            Dim dp As DataProtector = Nothing
            Dim tmpSecretsString As String
            Dim tmpSecrets As Dictionary(Of String, String)
            Dim serializer As JavaScriptSerializer = Nothing

            Try
                dp = New DataProtector
                tmpSecretsString = dp.ProtectedDataToString(byteArray)
                serializer = New JavaScriptSerializer()
                tmpSecrets = serializer.Deserialize(Of Dictionary(Of String, String))(tmpSecretsString)
                Return tmpSecrets
            Finally
                dp = Nothing
                tmpSecretsString = Nothing
                tmpSecrets = Nothing
                serializer = Nothing
            End Try

        End Get
    End Property

End Class

Public Class DataProtector
    Public Function ProtectedDataToString(ByVal data As Byte()) As String
        'Do some stuff
        Dim newString As String = "{""decrypted"":""data""}"
        Return newString
    End Function
End Class

I don't have much knowledge in computer science. I'm not sure if the variables values are stored somewhere in memory (and then can be accessed by unauthorized app) after I get the "Secrets" Property value from somewhere else in my program.
That's why I used a Try Finally to make the variables and objects egual to Nothing after the value of the property is returned.
I'm not using the Using statement since my class DataProtector don't have IDisposable implemented.

I may overcomplicate everything here. Is that Finally statement to make variables egual to Nothing is usefull, or all the variables are somewhat disposed automatically after the Get method returned the value as in the following code?

Code:

Private Shared ReadOnly Property Secrets As Dictionary(Of String, String)
        Get
            Dim tmpSecretsString As String = New DataProtector().ProtectedDataToString(byteArray)
            Dim tmpSecrets As Dictionary(Of String, String) = New JavaScriptSerializer().Deserialize(Of Dictionary(Of String, String))(tmpSecretsString)

            Return tmpSecrets
        End Get
    End Property

Thanks

[jmcilhinney]

No, it is not useful. You're setting local variables to Nothing but those local variables cease to exist when the method completes anyway. It's like erasing the writing from a page so no one can read it immediately before shredding the page. The Dictionary object that you created an assigned to tmpSecrets still exists and, in all likelihood, is assigned to a variable in the code that retrieved that property, so all the secret data is still accessible as long as that object exists. Even if you remove all references to that object, it still exists and so do the Strings it contains.

[Shaggy Hiker]

Well, setting the variables to Nothing does nothing for you. The variables, in this case, are reference types, which means that the variable holds nothing more than a reference to the actual object, which is sitting somewhere out in memory. All you did was erase the address, not the memory.

Turning off the computer will clear any memory. It only holds anything while the computer is on. However, while it is on, then that object is somewhere in memory. Is that an issue? Normally, it is not. If there is something running that is able to access all memory, if if were able to take constant snapshots of your RAM, it would see whatever was in that variable. Of course, computers these days tend to have many gigabytes of RAM. So, what you'd be talking about is some low level memory reader, taking multi-gigabyte snapshots periodically, and doing what exactly? If it is sending it somewhere, you'd have a process pumping many gigabytes over the network, which would be pretty noticeable. Virtually all of that information would be total garbage, too, because it would just be a bunch of bytes with little to indicate what they meant.

A more targeted approach, that was trying to steal JUST the information you are talking about, would have to watch for your process running, and take snapshots of that process memory, with enough information to know where the sensitive data would reside in there. I'm not saying that's impossible, but somebody would have had to write that, which would mean that they'd have to know a great deal about your particular program, then create an application that would harvest the data, then get it onto your computer. I'd say that the last part is the easiest, and it isn't easy.

[C-onze]

The Dictionary object that you created an assigned to tmpSecrets still exists and, in all likelihood, is assigned to a variable in the code that retrieved that property, so all the secret data is still accessible as long as that object exists. Even if you remove all references to that object, it still exists and so do the Strings it contains.

Well, setting the variables to Nothing does nothing for you. The variables, in this case, are reference types, which means that the variable holds nothing more than a reference to the actual object, which is sitting somewhere out in memory. All you did was erase the address, not the memory.

Thanks for the answers.
So if I understand correctly, after my application decrypt the byteArray, I can't really "hide" the result anymore.
Should I rather set the result to an object rather than decrypting the bytearray everytime I need to access it?

Sorry if i didn't use the correct terms and make my question confusing.

[wqweto]

For sensitive data your only choice is to use

Array.Clear(data, 0, data.Length);

. . . where byte[] data is a simple array as a continuous blob of data.

When you wrap/insert such blob in separate containers (like Dictionary, etc.) "wiping" the memory becomes much more complicated so probably not a good idea.

You can research how crypto classes in the framework do "data erasure". All of them have Clear method with this explicit purpose. Just take a look at such method impl on https://referencesource.microsoft.com/

You can wrap your sensitive data in a custom "self-wiping" class too (instead of Dictionary).

cheers,
</wqw>

[PlausiblyDamp]

https://docs.microsoft.com/en-us/dot...tframework-4.8 is worth knowing about if the decoded data is a string.