Groups | Search | Server Info | Login | Register
Groups > comp.lang.java.security > #307
| From | Beloumi <beloumi@riseup.net> |
|---|---|
| Newsgroups | comp.lang.java.security |
| Subject | Zeroization and compiler optimization |
| Date | 2015-01-04 17:52 +0100 |
| Organization | news.netcologne.de |
| Message-ID | <m8br50$a9j$1@newsreader4.netcologne.de> (permalink) |
Sensitive data like keys and passwords should be zeroized immediately
which is usually done by Arrays.fill(...).
A compiler may treat this as dead code and it may be eliminated by an
optimization.
Does anybody knows if this is the case for common Java compilers like
javac, ejc... ?
And if so, would the following code prevent such optimizations?
Arrays.fill(input, (byte) 0);
boolean success = true;
for (byte b : input) {
if (b != 0) {
success = false;
break;
}
}
if (success == false) {
System.err.println("zeroization failed");
}
Back to comp.lang.java.security | Previous | Next — Next in thread | Find similar
Zeroization and compiler optimization Beloumi <beloumi@riseup.net> - 2015-01-04 17:52 +0100
Re: Zeroization and compiler optimization Lothar Kimmeringer <news200709@kimmeringer.de> - 2015-01-05 13:36 +0100
Re: Zeroization and compiler optimization Beloumi <beloumi@riseup.net> - 2015-01-06 12:55 +0100
Re: Zeroization and compiler optimization Beloumi <beloumi@riseup.net> - 2015-06-12 09:34 +0200
Re: Zeroization and compiler optimization Mike Amling <mamling@chaff.us> - 2015-07-06 10:06 -0500
Re: Zeroization and compiler optimization Beloumi <beloumi@riseup.net> - 2015-07-06 23:24 +0200
csiph-web