As you correctly deduced, and others already mentioned, it makes little sense to use SecureString to store security-sensitive data that comes from an ASP.NET form, because that data is already present in memory in plain text. There are other scenarios, however, where the use of SecureString is recommended, because the sensitive data is created by … Read more
Try crypto.randomBytes(): require(‘crypto’).randomBytes(48, function(err, buffer) { var token = buffer.toString(‘hex’); }); The ‘hex’ encoding works in node v0.6.x or newer.
Here’s a class I’ve written especially for this purpose. Is it completely, 100% hackproof? No – there’s very little you can do to make an application 100% safe, but this class goes about as far as you can to protect yourself if you need to convert a SecureString into a String. Here’s how you use … Read more
You are close, but the parameter you pass to SecureStringToBSTR must be a SecureString. You appear to be passing the result of ConvertFrom-SecureString, which is an encrypted standard string. So call ConvertTo-SecureString on this before passing to SecureStringToBSTR. $SecurePassword = ConvertTo-SecureString $PlainPassword -AsPlainText -Force $BSTR = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($SecurePassword) $UnsecurePassword = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($BSTR)