Re: passwords, Strings an

From "Wojtek" <wojtek@THRWHITE.remove-dii-this>
Subject Re: passwords, Strings an
Message-ID <mn.5abd7d89241bd5ee.70216@a.com> (permalink)
Newsgroups comp.lang.java.security
References <uhsnpdghaq12.dlg@kimmeringer.de>
Date 2011-04-27 16:08 +0000
Organization TDS.net


Lothar Kimmeringer wrote :
> Wojtek wrote:

>> However a String which is created while the application is running 
>> (user entered, read from file, HTML parameters) does not get put into 
>> the string pool.
> That's not true as you can see above.

Hey, this is not a wasted day, I just learned something!

> They're not kept there forever, i.e. if no reference points to the
> element in the pool it can be garbage collected. The problem
> is that you can't control the Garbage Collector and its decision
> if a specific element in the String-pool should be garbage
> collected or not.

True.

And I forgot to mention the memory swap file. Which would be an easier 
point of access.

>> And there is no easy way to determine what a series of characters 
>> represents in memory.
>
> Security by Obscurity doesn't work.

True. Though it does slow the attacker down. Which is the ultimate goal 
anyway. There is no encryption system in existence which cannot be 
cracked eventually. You can only stretch the time it takes.

Hopefully the cracking time will be longer than the lifetime of the 
sensitivity of the information.

And then some all-knowing C-level PHB will copy the data in clear onto 
his USB key "for convenience" and lose it in a washroom at the strip 
club...

-- 
Wojtek :-)
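
The point in this post about not controlling when the collector discards a String is why Java password handling commonly uses a `char[]` that the caller can overwrite. The following is an added example, not part of the original post or thread; the class name, sample password and PBKDF2 parameters are assumptions chosen for illustration.

```java
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

// Hypothetical demo class: keeps a password out of String objects entirely.
public class PasswordBufferDemo {

    // Derive a verifier from the password without building a String from it.
    static byte[] derive(char[] password, byte[] salt) throws Exception {
        // Iteration count and key length are illustrative assumptions.
        PBEKeySpec spec = new PBEKeySpec(password, salt, 100_000, 256);
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                                   .generateSecret(spec)
                                   .getEncoded();
        } finally {
            // PBEKeySpec clones the array it is given; wipe that copy as well.
            spec.clearPassword();
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input. A real program would call
        // System.console().readPassword(), which returns char[].
        char[] password = {'s', '3', 'c', 'r', 'e', 't'};
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);

        try {
            byte[] stored = derive(password, salt);
            byte[] attempt = derive(password, salt);
            // Constant-time comparison of the two derived values.
            System.out.println("match: " + MessageDigest.isEqual(stored, attempt));
        } finally {
            // The caller owns the array, so the secret is overwritten here,
            // not whenever the garbage collector happens to run.
            Arrays.fill(password, '\0');
        }
        System.out.println("after wipe: " + Arrays.toString(password));
    }
}
```

Overwriting the array shortens the exposure window, but it does not reach copies left behind when the collector moved the array or pages already written to the swap file.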

