Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > comp.lang.java.security > #308
| Path | csiph.com!v102.xanadu-bbs.net!xanadu-bbs.net!feeder.erje.net!eu.feeder.erje.net!goblin1!goblin2!goblin.stu.neva.ru!newsgate.cuhk.edu.hk!news.netfront.net!not-for-mail |
|---|---|
| From | Lothar Kimmeringer <news200709@kimmeringer.de> |
| Newsgroups | comp.lang.java.security |
| Subject | Re: Zeroization and compiler optimization |
| Date | Mon, 5 Jan 2015 13:36:42 +0100 |
| Organization | Organization?! Only chaos here! |
| Lines | 24 |
| Message-ID | <4knliqvbk6hc$.dlg@kimmeringer.de> (permalink) |
| References | <m8br50$a9j$1@newsreader4.netcologne.de> |
| Reply-To | news@kimmeringer.de |
| NNTP-Posting-Host | 93.135.127.128 |
| Mime-Version | 1.0 |
| Content-Type | text/plain; charset="us-ascii" |
| Content-Transfer-Encoding | 7bit |
| X-Trace | adenine.netfront.net 1420461403 51492 93.135.127.128 (5 Jan 2015 12:36:43 GMT) |
| X-Complaints-To | news@netfront.net |
| NNTP-Posting-Date | Mon, 5 Jan 2015 12:36:43 +0000 (UTC) |
| User-Agent | 40tude_Dialog/2.0.15.1de |
| Xref | csiph.com comp.lang.java.security:308 |
Show key headers only | View raw
Beloumi wrote:
> Sensitive data like keys and passwords should be zeroized immediately
> which is usually done by Arrays.fill(...).
> A compiler may treat this as dead code and it may be eliminated by an
> optimization.
> Does anybody knows if this is the case for common Java compilers like
> javac, ejc... ?
You can try it out by giving the created byte-code to a decompiler.
I don't expect that to happen but would be a bit concerned about
the Hotspot during runtime. This might throw out that particular
part of the code since it's analyzed to be dead.
Regards, Lothar
--
Lothar Kimmeringer E-Mail: spamfang@kimmeringer.de
PGP-encrypted mails preferred (Key-ID: 0x8BC3CD81)
Always remember: The answer is forty-two, there can only be wrong
questions!
--- news://freenews.netfront.net/ - complaints: news@netfront.net ---
Back to comp.lang.java.security | Previous | Next — Previous in thread | Next in thread | Find similar
Zeroization and compiler optimization Beloumi <beloumi@riseup.net> - 2015-01-04 17:52 +0100
Re: Zeroization and compiler optimization Lothar Kimmeringer <news200709@kimmeringer.de> - 2015-01-05 13:36 +0100
Re: Zeroization and compiler optimization Beloumi <beloumi@riseup.net> - 2015-01-06 12:55 +0100
Re: Zeroization and compiler optimization Beloumi <beloumi@riseup.net> - 2015-06-12 09:34 +0200
Re: Zeroization and compiler optimization Mike Amling <mamling@chaff.us> - 2015-07-06 10:06 -0500
Re: Zeroization and compiler optimization Beloumi <beloumi@riseup.net> - 2015-07-06 23:24 +0200
csiph-web