Groups | Search | Server Info | Keyboard shortcuts | Login | Register

Groups > comp.lang.java.security > #307

Zeroization and compiler optimization

Show key headers only | View raw

Sensitive data like keys and passwords should be zeroized immediately
which is usually done by Arrays.fill(...).
A compiler may treat this as dead code and it may be eliminated by an
optimization.
Does anybody knows if this is the case for common Java compilers like
javac, ejc... ?
And if so, would the following code prevent such optimizations?

Arrays.fill(input,  (byte) 0);
boolean success = true;
for (byte b : input) {
   if (b != 0) {
      success = false;
      break;
   }
}
if (success == false) {
   System.err.println("zeroization failed");
}

Back to comp.lang.java.security | Previous | Next — Next in thread | Find similar

Thread

Zeroization and compiler optimization Beloumi <beloumi@riseup.net> - 2015-01-04 17:52 +0100
  Re: Zeroization and compiler optimization Lothar Kimmeringer <news200709@kimmeringer.de> - 2015-01-05 13:36 +0100
    Re: Zeroization and compiler optimization Beloumi <beloumi@riseup.net> - 2015-01-06 12:55 +0100
      Re: Zeroization and compiler optimization Beloumi <beloumi@riseup.net> - 2015-06-12 09:34 +0200
        Re: Zeroization and compiler optimization Mike Amling <mamling@chaff.us> - 2015-07-06 10:06 -0500
          Re: Zeroization and compiler optimization Beloumi <beloumi@riseup.net> - 2015-07-06 23:24 +0200

csiph-web