I have a password protected app which obviously requires a user password and from which I generate a hash. Although I read the password into a SecureString, I cannot hash it without exposing the raw string.
Exposing the string defeats the object of securing it. Any ideas how I can get out of doing this? This is the only place in the entire app where the users data is exposed in this way.Code:Public Function MD5Hash(ByVal str As SecureString) As Byte() 'Compute Hash Return MD5.ComputeHash(System.Text.ASCIIEncoding.ASCII.GetBytes(PtrToStringBSTR(SecureStringToBSTR(str)))) End Function




Reply With Quote