| From | Bent C Dalager <bcd@pvv.ntnu.no> |
|---|---|
| Newsgroups | comp.lang.java.security |
| Subject | Re: secure erasure of Java key/password buffers |
| Date | 2012-07-17 14:15 +0000 |
| Organization | Norwegian university of science and technology |
| Message-ID | <slrnk0assn.uji.bcd@microbel.pvv.ntnu.no> |
| References | <a08babb4-5513-4d31-bc00-d2937640c1fc@googlegroups.com> |

On 2012-07-17, mortadelo <mortadelode@googlemail.com> wrote:
> Hi everybody,
>
> I’ve just stumbled across some crypto interface code written in Java where buffers of (sensitive) data/keys are not explicitly erased (zeroed out) after use. Coming from a C programming background where explicit zeroing out of memory after use is highly recommended, I’m wondering whether this should also be done in Java. I understand that it’s impossible to guarantee efficient erasure of all possible instances of a data object in Java.

If you are going to pursue this then you should first decide what
degree of perfection you demand. Even C cannot guarantee that a
deleted piece of information is in fact deleted, because the language
cannot know of any copies that might exist in page files, swap files,
caches, etc. You need the active participation of the OS to make sure
such copies are deleted, and even the OS cannot know if its various
storage devices contain extraneous copies of the information (such as
routinely happens on an SSD for instance). For /this/ you would need
the active participation of the hardware drivers and ultimately the
hardware itself.

Security can be infinitely expensive depending on your demands, so
having a clear idea what exactly your demands are is essential.

Personally I never quite understood the purpose of the char[]
replacement for JPasswordField.getText() because with all the object
copying, paging, caching and other shenanigans that happen all the
time in a modern computer, zeroing out the char array seems like such
a very very weak form of security. But perhaps very very weak is just
exactly what is called for in some area or other that I am not
familiar with.

Cheers,
Bent D
--
Bent Dalager - bcd@pvv.org - http://www.pvv.org/~bcd
powered by emacs
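
The explicit zeroing discussed in this thread, as an added Java example that is not part of the original post: it derives a key from a `char[]` password and overwrites every buffer the code can reach, including the clone `PBEKeySpec` makes internally. The class and method names (`ScrubbedSecrets`, `withDerivedKey`), the PBKDF2 parameters and the sample password are assumptions chosen for illustration.

```java
import java.security.GeneralSecurityException;
import java.util.Arrays;
import java.util.function.Consumer;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class ScrubbedSecrets {

    // Derives a key from the password, hands it to the caller's code, then
    // overwrites every copy this method can reach, even if use() throws.
    static void withDerivedKey(char[] password, byte[] salt, Consumer<byte[]> use)
            throws GeneralSecurityException {
        // PBEKeySpec clones the password array, so there are now two copies.
        PBEKeySpec spec = new PBEKeySpec(password, salt, 100_000, 256);
        byte[] key = null;
        try {
            key = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                    .generateSecret(spec).getEncoded();
            use.accept(key);
        } finally {
            spec.clearPassword();            // zero the spec's internal clone
            Arrays.fill(password, '\0');     // zero the caller's buffer
            if (key != null) {
                Arrays.fill(key, (byte) 0);  // zero the derived key bytes
            }
        }
    }

    public static void main(String[] args) throws GeneralSecurityException {
        // Constructed sample input; a real caller would pass the char[] from
        // JPasswordField.getPassword() or Console.readPassword().
        char[] password = {'c', 'o', 'r', 'r', 'e', 'c', 't'};
        byte[] salt = new byte[16];  // fixed all-zero salt, for the demo only
        byte[][] seen = new byte[1][];

        withDerivedKey(password, salt, key -> {
            seen[0] = key;  // keep the reference to inspect it afterwards
            System.out.println("key length in use: " + key.length);
        });

        System.out.println("password zeroed: "
                + Arrays.equals(password, new char[password.length]));
        System.out.println("key zeroed: " + Arrays.equals(seen[0], new byte[32]));
        // Not reached by any of this: state kept inside the SecretKey object,
        // swap or page-file copies, or a String built from the password.
    }
}
```

This only shortens how long the secret sits in the buffers the program itself holds; it does nothing about the copies in swap, caches or storage devices that the post above describes.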