Groups | Search | Server Info | Login | Register
Groups > comp.lang.java.security > #308
| From | Lothar Kimmeringer <news200709@kimmeringer.de> |
|---|---|
| Newsgroups | comp.lang.java.security |
| Subject | Re: Zeroization and compiler optimization |
| Date | 2015-01-05 13:36 +0100 |
| Organization | Organization?! Only chaos here! |
| Message-ID | <4knliqvbk6hc$.dlg@kimmeringer.de> (permalink) |
| References | <m8br50$a9j$1@newsreader4.netcologne.de> |
Beloumi wrote:
> Sensitive data like keys and passwords should be zeroized immediately
> which is usually done by Arrays.fill(...).
> A compiler may treat this as dead code and it may be eliminated by an
> optimization.
> Does anybody knows if this is the case for common Java compilers like
> javac, ejc... ?
You can try it out by giving the created byte-code to a decompiler.
I don't expect that to happen but would be a bit concerned about
the Hotspot during runtime. This might throw out that particular
part of the code since it's analyzed to be dead.
Regards, Lothar
--
Lothar Kimmeringer E-Mail: spamfang@kimmeringer.de
PGP-encrypted mails preferred (Key-ID: 0x8BC3CD81)
Always remember: The answer is forty-two, there can only be wrong
questions!
--- news://freenews.netfront.net/ - complaints: news@netfront.net ---
Back to comp.lang.java.security | Previous | Next — Previous in thread | Next in thread | Find similar
Zeroization and compiler optimization Beloumi <beloumi@riseup.net> - 2015-01-04 17:52 +0100
Re: Zeroization and compiler optimization Lothar Kimmeringer <news200709@kimmeringer.de> - 2015-01-05 13:36 +0100
Re: Zeroization and compiler optimization Beloumi <beloumi@riseup.net> - 2015-01-06 12:55 +0100
Re: Zeroization and compiler optimization Beloumi <beloumi@riseup.net> - 2015-06-12 09:34 +0200
Re: Zeroization and compiler optimization Mike Amling <mamling@chaff.us> - 2015-07-06 10:06 -0500
Re: Zeroization and compiler optimization Beloumi <beloumi@riseup.net> - 2015-07-06 23:24 +0200
csiph-web