Path: csiph.com!v102.xanadu-bbs.net!xanadu-bbs.net!news.glorb.com!postnews.google.com!glegroupsg2000goo.googlegroups.com!not-for-mail From: mortadelo Newsgroups: comp.lang.java.security Subject: secure erasure of Java key/password buffers Date: Tue, 17 Jul 2012 00:28:23 -0700 (PDT) Organization: http://groups.google.com Lines: 25 Message-ID: NNTP-Posting-Host: 213.61.180.198 Mime-Version: 1.0 Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: quoted-printable X-Trace: posting.google.com 1342510218 16093 127.0.0.1 (17 Jul 2012 07:30:18 GMT) X-Complaints-To: groups-abuse@google.com NNTP-Posting-Date: Tue, 17 Jul 2012 07:30:18 +0000 (UTC) Complaints-To: groups-abuse@google.com Injection-Info: glegroupsg2000goo.googlegroups.com; posting-host=213.61.180.198; posting-account=E1gYNAoAAABuTLjr00_20CNjAP6k2X3Z User-Agent: G2/1.0 Xref: csiph.com comp.lang.java.security:252 Hi everybody, I=92ve just stumbled across some crypto interface code written in Java wher= e buffers of (sensitive) data/keys are not explicitly erased (zeroed out) a= fter use. Coming from a C programming background where explicit zeroing out= of memory after use is highly recommended, I=92m wondering whether this sh= ould also be done in Java. I understand that it=92s impossible to guarantee= efficient erasure of all possible instances of a data object in Java. I=92m seeing two contradictory arguments here: =95 Explicit zeroing out of a memory object after use may considerab= ly reduce, ideally eliminate the likelihood/number of remaining object ins= tances with the original content. =95 Explicit zeroing out (i.e. alteration) of a memory object may ca= use the memory manager to explicitly create a new (additional) copy of the = original content. Hence, this action would not catch the initial instance o= f the data abject, but only create additional overhead. Does it make sense to distinguish between "simple" data types (e.g. an int = array with constant size) and "complex" data types (e.g. a string object)? = Do you know of any good research or reference about this? I haven=92t found= anything well investigated in the Internet. Both arguments exist. Thanks, Michael