
Re: secure erasure of Java key/password buffers

From Roedy Green <see_website@mindprod.com.invalid>
Newsgroups comp.lang.java.security
Subject Re: secure erasure of Java key/password buffers
Date 2012-07-17 09:27 -0700
Organization Canadian Mind Products
Message-ID <3j4b085mad964tvtpc6sepndk21qpht13h@4ax.com> (permalink)
References <a08babb4-5513-4d31-bc00-d2937640c1fc@googlegroups.com>


On Tue, 17 Jul 2012 00:28:23 -0700 (PDT), mortadelo
<mortadelode@googlemail.com> wrote, quoted or indirectly quoted
someone who said :

>Hi everybody,
>
>I’ve just stumbled across some crypto interface code written in Java
>where buffers of (sensitive) data/keys are not explicitly erased
>(zeroed out) after use. Coming from a C programming background where
>explicit zeroing out of memory after use is highly recommended, I’m
>wondering whether this should also be done in Java. I understand that
>it’s impossible to guarantee efficient erasure of all possible
>instances of a data object in Java.
>
>I’m seeing two contradictory arguments here:
>• Explicit zeroing out of a memory object after use may considerably reduce,
>  ideally eliminate, the likelihood/number of remaining object
>  instances with the original content.
>• Explicit zeroing out (i.e. alteration) of a memory object may cause the
>  memory manager to explicitly create a new (additional) copy of the
>  original content. Hence, this action would not catch the initial
>  instance of the data object, but only create additional overhead.
>
>Does it make sense to distinguish between "simple" data types
>(e.g. an int array with constant size) and "complex" data types (e.g.
>a string object)? Do you know of any good research or reference about
>this? I haven’t found anything well investigated on the Internet. Both
>arguments exist.
>
>
>Thanks, Michael

IIRC I saw some Sun code where a password was stored in a char[]
rather than a string to make it possible to erase it so that it could
not be found even in a core dump.  Of course that presumes the password
came from the keyboard, not from a static final String in the program.
-- 
Roedy Green Canadian Mind Products
http://mindprod.com
The greatest shortcoming of the human race is our inability to understand the exponential function. 
 ~ Dr. Albert A. Bartlett (born: 1923-03-21 age: 89)
http://www.youtube.com/watch?v=F-QA2rkpBSY
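
The char[] approach discussed in this post, as an added example that is not part of the original message or of any Sun code: a password held in a char[] is used for key derivation and UTF-8 encoding, and every copy the caller controls is zeroed afterwards. The class name `WipeDemo`, the helper names, the iteration count and the sample password are assumptions made for illustration.

```java
import java.nio.ByteBuffer;
import java.nio.CharBuffer;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class WipeDemo {
    // Derive a key from a char[] password, then wipe the copies we control.
    static byte[] deriveKey(char[] password, byte[] salt) throws GeneralSecurityException {
        PBEKeySpec spec = new PBEKeySpec(password, salt, 100_000, 256); // spec clones the array
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                    .generateSecret(spec).getEncoded();
        } finally {
            spec.clearPassword();        // overwrite the spec's internal clone
            Arrays.fill(password, '\0'); // overwrite the caller's buffer
        }
    }

    // Encode to UTF-8 without building a String; the caller must wipe the result.
    static byte[] toUtf8(char[] chars) {
        ByteBuffer bb = StandardCharsets.UTF_8.encode(CharBuffer.wrap(chars));
        byte[] out = new byte[bb.remaining()];
        bb.get(out);
        if (bb.hasArray()) {
            Arrays.fill(bb.array(), (byte) 0); // wipe the encoder's scratch buffer
        }
        return out;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample; an interactive program would call System.console().readPassword().
        char[] pw = {'s', '3', 'c', 'r', 'e', 't'};
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);

        byte[] utf8 = toUtf8(pw);         // e.g. for an API that only accepts bytes
        Arrays.fill(utf8, (byte) 0);      // wipe as soon as it has been used
        byte[] key = deriveKey(pw, salt); // zeroes pw in its finally block

        System.out.println("key length: " + key.length);                                // 32
        System.out.println("password zeroed: " + Arrays.equals(pw, new char[pw.length])); // true
        Arrays.fill(key, (byte) 0);
    }
}
```

A String literal, or any String built from the password, cannot be wiped this way because String is immutable. Copies made inside the JCE provider, or left behind when a moving garbage collector relocates the array, are also outside the caller's reach.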
