{"id":16495038,"url":"https://github.com/undergroundwires/safeorbit","last_synced_at":"2025-03-21T08:30:32.679Z","repository":{"id":40898560,"uuid":"71800436","full_name":"undergroundwires/SafeOrbit","owner":"undergroundwires","description":"Protect your memory .NET 🛡️ Memory protection library for .NET Framework and .NET Core.","archived":false,"fork":false,"pushed_at":"2022-12-08T09:28:49.000Z","size":20060,"stargazers_count":30,"open_issues_count":6,"forks_count":5,"subscribers_count":8,"default_branch":"master","last_synced_at":"2025-03-01T04:13:50.026Z","etag":null,"topics":["binary-protection","cryptography","detect-injections","hashing","memory-injection","string-protection","wiki"],"latest_commit_sha":null,"homepage":"","language":"C#","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/undergroundwires.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2016-10-24T15:00:16.000Z","updated_at":"2025-01-25T21:31:02.000Z","dependencies_parsed_at":"2023-01-25T05:45:35.936Z","dependency_job_id":null,"html_url":"https://github.com/undergroundwires/SafeOrbit","commit_stats":null,"previous_names":[],"tags_count":6,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/undergroundwires%2FSafeOrbit","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/undergroundwires%2FSafeOrbit/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/undergroundwires%2FSafeOrbit/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/undergroundwires%2FSafeOrbit/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/undergroundwires","download_url":"https://codeload.github.com/undergroundwires/SafeOrbit/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":244120747,"owners_count":20401173,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["binary-protection","cryptography","detect-injections","hashing","memory-injection","string-protection","wiki"],"created_at":"2024-10-11T14:27:15.014Z","updated_at":"2025-03-21T08:30:31.041Z","avatar_url":"https://github.com/undergroundwires.png","language":"C#","funding_links":[],"categories":[],"sub_categories":[],"readme":"\r\n\r\n\r\n\u003cimg align=\"left\" src=\"https://raw.githubusercontent.com/undergroundwires/SafeOrbit/master/docs/img/logo/logo_60x60.png\"\u003e \r\n\r\n# **SafeOrbit** - Protect your memory in .NET\r\n\r\n[![NuGet Status](https://img.shields.io/nuget/v/SafeOrbit.svg?style=flat)](https://www.nuget.org/packages/SafeOrbit/) ![Build status](https://github.com/undergroundwires/SafeOrbit/workflows/Build%20\u0026%20test/badge.svg) [![contributions welcome](https://img.shields.io/badge/contributions-welcome-brightgreen.svg?style=flat)](https://github.com/undergroundwires/SafeOrbit/issues)\r\n\r\n## What\r\n\r\n**SafeOrbit** is an advanced [**memory protection**](#memory-security) library with easy to use classes.\r\n\r\n* Protects your strings in memory while allowing you to securely compare \u0026 modify them with [SafeString](https://github.com/undergroundwires/SafeOrbit/wiki/SafeString).\r\n* Protects your binary data with [SafeBytes](https://github.com/undergroundwires/SafeOrbit/wiki/SafeBytes).\r\n* Anti injection module safeguards your application against memory injections and timing attacks using [SafeObject](https://github.com/undergroundwires/SafeOrbit/wiki/SafeObject), [SafeContainer](https://github.com/undergroundwires/SafeOrbit/wiki/SafeObject) (injection aware DI container) and [more](https://github.com/undergroundwires/SafeOrbit/wiki).\r\n* Leverages high performance and secure algorithms for [encryption, hashing and random](#cryptography) in interfaces that makes it much hard to screw up.\r\n\r\n## Why\r\n\r\n* You want to secure strings in memory and modify \u0026 compare them without revealing them in memory.\r\n* You want to take advantage of security best-practices without having any cryptology knowledge.\r\n* You want to use high-performance algorithms in .NET such as `Murmur32` hashing and `Blowfish` encryption.\r\n* You do not trust OS generated crypto randoms and want direct access to entropy hashes or non-OS PNRG seeded by them.\r\n\r\n## Want to say thanks? :beer:\r\n\r\nHit the :star: star :star: button\r\n\r\n## Contribute\r\n\r\nFeel free to contribute by joining the coding process or opening [issues](https://github.com/undergroundwires/safeOrbit/issues). [Read more on wiki](https://github.com/undergroundwires/SafeOrbit/wiki/Contribute).\r\n\r\n## License\r\n\r\n[This project is MIT Licensed](LICENSE). It means that you're free to use **SafeOrbit** freely in any application, copy, and modify its code.\r\n\r\n\u003e It must not be required to be secret, and it must be able to fall into the hands of the enemy without inconvenience.\r\n\u003e -[Auguste Kerckhoffs](https://en.wikipedia.org/wiki/Kerckhoffs%27s_principle)\r\n\r\n# Quick Documentation\r\n\r\n[Visit wiki for full documentation](https://github.com/undergroundwires/SafeOrbit/wiki)\r\n\r\n## Memory security\r\n\r\n### SafeString \u003csub\u003e\u003csup\u003e[(wiki)](https://github.com/undergroundwires/SafeOrbit/wiki/SafeBytes)\u003c/sub\u003e\u003c/sup\u003e\r\n\r\n* `SafeString` represents an encrypted string that guarantees to not leak your data in the memory while allowing modifications and comparisons.\r\n* It has more advantages over `System.Security.SecureString` because of the security design of the **SafeOrbit**.\r\n\r\n#### SafeString vs [System.Security.SecureString](https://msdn.microsoft.com/en-us/library/system.security.securestring(v=vs.110).aspx)\r\n\r\n|                              | SecureString | SafeString |\r\n|-----------------------------:|:------------:|:----------:|\r\n|  Supports multiple encodings |       ✖     |     ✔      |\r\n|      Safely character insert |       ✖     |     ✔      |\r\n|      Safely character remove |       ✖     |     ✔      |\r\n|                Safely equals |       ✖     |     ✔      |\r\n|              Safely retrieve |       ✖     |     ✔      |\r\n|      Reveal only single char |       ✖     |     ✔      |\r\n|         Unlimited characters |       ✖     |     ✔      |\r\n|     Timing attack protection |       ✖     |     ✔      |\r\n\r\n### SafeBytes \u003csub\u003e\u003csup\u003e[(wiki)](https://github.com/undergroundwires/SafeOrbit/wiki/SafeBytes)\u003c/sub\u003e\u003c/sup\u003e\r\n\r\n* `SafeBytes` is protected sequence of bytes in memory.\r\n* It's a lower level module used by `SafeString`.\r\n* You can hide any data from the memory, then modify and compare them safely without revealing the bytes.\r\n\r\n## Detect injections\r\n\r\n* You can detect injections for any of your `.NET` class including their\r\n  * the state (data in the memory)\r\n  * code that's loaded in memory\r\n* Internal protection for `SafeOrbit` library be **enabled as default**.\r\n  * You can disable it to gain more performance [by changing SafeOrbit's security settings](https://github.com/undergroundwires/SafeOrbit/wiki/Library-settings#change-security-settings).\r\n\r\n### SafeObject \u003csub\u003e\u003csup\u003e[(wiki)](https://github.com/undergroundwires/SafeOrbit/wiki/SafeObject)\u003c/sub\u003e\u003c/sup\u003e\r\n\r\nAn object that can detect memory injections to itself.\r\n\r\n```C#\r\n    var safeObject = new SafeObject\u003cCustomer\u003e();\r\n    // Each change to the object's state or code must be using ApplyChanges\r\n    safeObject.ApplyChanges((customer) =\u003e customer.SensitiveInfo = \"I'm protected!\");\r\n    // Retrieve safe data\r\n    var safeInfo = safeObject.Object.SensitiveInfo; // returns \"I'm protected!\" or alerts if any injection is detected\r\n```\r\n\r\n### SafeContainer \u003csub\u003e\u003csup\u003e[(wiki)](https://github.com/undergroundwires/SafeOrbit/wiki/SafeContainer)\u003c/sub\u003e\u003c/sup\u003e\r\n\r\n* **`SafeContainer`** is a dependency container that detects and notifies injections to its instances.\r\n* It's security mode can be changed dynamically.\r\n\r\n### InjectionDetector \u003csub\u003e\u003csup\u003e[(wiki)](https://github.com/undergroundwires/SafeOrbit/wiki/InjectionDetector)\u003c/sub\u003e\u003c/sup\u003e\r\n\r\n* A service that's consumed by `SafeContainer` and `SafeObject`.\r\n* Lowest level of the injection detection and alerting mechanism.\r\n\r\n## Cryptography\r\n\r\n### Encryption \u003csub\u003e\u003csup\u003e[(wiki)](https://github.com/undergroundwires/SafeOrbit/wiki/Encryption)\u003c/sub\u003e\u003c/sup\u003e\r\n\r\nSupported:\r\n\r\n* Asynchronous encryption using [cryptostream](https://msdn.microsoft.com/en-us/library/hh472379(v=vs.110).aspx)s.\r\n* `ISafeEncryptor` a.k.a. **AES-256**\r\n  * Considered as one of the strongest encryption algorithms.\r\n  * Easy-to-use interface using best-practices such as PBKDF2 key derivation, random IV, salt and PKCS7 padding.\r\n* `IFastEncryptor` a.k.a. **Blowfish**\r\n  * Considered as one of the fastest encryption algorithms.\r\n  * ECB \u0026 CBC (with IV) implementation that passes the vector tests.\r\n\r\n### Hashers \u003csub\u003e\u003csup\u003e[(wiki)](https://github.com/undergroundwires/SafeOrbit/wiki/Hashers)\u003c/sub\u003e\u003c/sup\u003e\r\n\r\nSupported :\r\n\r\n* `ISafeHasher` a.k.a. **SHA512** for higher security.\r\n* `IFastHasher` a.k.a. **MurmurHash (Murmur32)** for better performance, it should be seeded and salted.\r\n\r\n### Random \u003csub\u003e\u003csup\u003e[(wiki)](https://github.com/undergroundwires/SafeOrbit/wiki/Random)\u003c/sub\u003e\u003c/sup\u003e\r\n\r\n\u003e What if your OS crypto random has in any way been undermined (for example, by a nefarious government agency, or simple incompetence)?\r\n\r\n`SafeOrbit` guarantees not to reduce the strength of your crypto random. It has the ability to improve the strength of your crypto random:\r\n\r\n* `SafeRandom` combines different entropy sources\r\n* `FastRandom` is a simple wrapper around a PRNG, which uses `SafeRandom` for seed material.\r\n\r\n## Speed up\r\n\r\n* **For better performance**, it's **highly recommended** to start the application early in your application start with `SafeOrbitCore.Current.StartEarlyAsync();`.\r\n\r\n* Memory injection is enabled as default.\r\n  * It provides self security on client side applications, but on a protected server disabling the memory injection for more performance is recommended. [Read more on wiki](https://github.com/undergroundwires/SafeOrbit/wiki/Library-settings#change-security-settings).\r\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fundergroundwires%2Fsafeorbit","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fundergroundwires%2Fsafeorbit","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fundergroundwires%2Fsafeorbit/lists"}