Home arrow static arrow Java Programming [Archive] - Secure Deletion of Character Array
Warning: Creating default object from empty value in /www/htdocs/w008deb8/wiki/components/com_staticxt/staticxt.php on line 51
Java Programming [Archive] - Secure Deletion of Character Array
This topic has 24 replies on 2 pages.    1 | 2 | Next »

Posts:9
Registered: 6/4/04
Secure Deletion of Character Array  
Aug 2, 2004 1:48 PM



 
It is knownw that passwords should not stored as strings in memory, for multiple reasons, immutability, and unknown trash collection intervals etc.

The suggested method is to use a character array. I am currently implementing such a solution, but now i am at a loss on how to securely clear a character array that once contained a password.

Thank you

-Jon
 

Posts:1,888
Registered: 22/08/01
Re: Secure Deletion of Character Array  
Aug 2, 2004 1:53 PM (reply 1 of 24)



 
this has got me wondering,

it is knownw that passwords should not stored as strings in memory
never heard of this, could you elaborate ?

The suggested method is to use a character array.

If a string is unsave then a char array will be equally unsave

on how to securely clear a character array
yourarray=null;
 

Posts:2,206
Registered: 8/15/02
Re: Secure Deletion of Character Array  
Aug 2, 2004 2:05 PM (reply 2 of 24)



 
But that only makes it eligible for gc.
 

Posts:9
Registered: 6/4/04
Re: Secure Deletion of Character Array  
Aug 2, 2004 2:26 PM (reply 3 of 24)



 
It was something i learned in an early java (CIS200) class. I can't find any articles specifically, buy this one mentions it: http://www.dwheeler.com/secure-programs/Secure-Programs-HOWTO/protect-secrets.html

If "=null" makes is eligible for garbage collection, then perhaps changing it to an arbitrary value then "=null" would be a (more)secure method. would that work?
 

Posts:1,085
Registered: 4/14/03
Re: Secure Deletion of Character Array  
Aug 2, 2004 2:33 PM (reply 4 of 24)



 
Arrays.fill(char[], char);

Use this to set all of the characters to '\0' or some other character if you prefer.

After that, it doesn't matter when the damned thing gets garbage collected.
 

Posts:37,103
Registered: 3/30/99
Re: Secure Deletion of Character Array  
Aug 2, 2004 2:36 PM (reply 5 of 24)



 
on how to securely clear a character array
yourarray=null;

No. You'd want to clear the individual elements. For example, Arrays.fill.
 

Posts:37,103
Registered: 3/30/99
Re: Secure Deletion of Character Array  
Aug 2, 2004 2:37 PM (reply 6 of 24)



 
If "=null" makes is eligible for garbage collection,
then perhaps changing it to an arbitrary value then
"=null" would be a (more)secure method. would that
work?

No. It makes no difference. Either way, you're just pointing the reference at sometning else (or at nothing, in the case of null). Neither one changes the contents of the array.
 

Posts:9
Registered: 6/4/04
Re: Secure Deletion of Character Array  
Aug 2, 2004 6:29 PM (reply 7 of 24)



 
Thank you. I got the Arrays.fill to work. A piece of advice that may save someone else a headache... be sure in import java.util.Arrays before attempting the above solution! I just cursed for 20mins, and as always, turned out to be something stupid and simple.
 

Posts:5,965
Registered: 5/17/03
Re: Secure Deletion of Character Array  
Aug 2, 2004 10:58 PM (reply 8 of 24)



 
Isn't it also important to keep the passwords encrypted at all times?
 

Posts:2,830
Registered: 9/1/03
Re: Secure Deletion of Character Array  
Aug 2, 2004 11:11 PM (reply 9 of 24)



 
Isn't it also important to keep the passwords
encrypted at all times?

but where/how are the kept before they are encrypted ?
 

Posts:5,965
Registered: 5/17/03
Re: Secure Deletion of Character Array  
Aug 2, 2004 11:26 PM (reply 10 of 24)



 
Isn't it also important to keep the passwords
encrypted at all times?

but where/how are the kept before they are encrypted ?

That's the 40.000 dollar question -:) Obviously they have to be kept in the open for some time but as swift as possible and that buffer of course should be cleared immediately after encryption. What I meant was that clearing buffers alone cannot be the whole answer to password protection.
 

Posts:2,830
Registered: 9/1/03
Re: Secure Deletion of Character Array  
Aug 2, 2004 11:32 PM (reply 11 of 24)



 
Isn't it also important to keep the passwords
encrypted at all times?

but where/how are the kept before they are encrypted
?

That's the 40.000 dollar question -:) Obviously they
have to be kept in the open for some time but as swift
as possible and that buffer of course should be
cleared immediately after encryption. What I meant was
that clearing buffers alone cannot be the whole answer
to password protection.

imo clearing the buffers is a bit of a strange answer to password protection
anyway because surely the attacker you are scared of could have been saving
your memory while you read in and processed the password ...
 

Posts:5,965
Registered: 5/17/03
Re: Secure Deletion of Character Array  
Aug 2, 2004 11:45 PM (reply 12 of 24)



 
imo clearing the buffers is a bit of a strange answer
to password protection
anyway because surely the attacker you are scared of
could have been saving
your memory while you read in and processed the
password ...

At some point the passwords enters memory in plain form and that must be a weak point.

But I think I understand now that it's important to even clear buffers with encrypted keywords to fend off hardcore attacks.
 

Posts:2,830
Registered: 9/1/03
Re: Secure Deletion of Character Array  
Aug 2, 2004 11:49 PM (reply 13 of 24)



 
imo clearing the buffers is a bit of a strange
answer
to password protection
anyway because surely the attacker you are scared of
could have been saving
your memory while you read in and processed the
password ...

At some point the passwords enters memory in plain
form and that must be a weak point.

But I think I understand now that it's important to
even clear buffers with encrypted keywords to fend off
hardcore attacks.

not really.

what is the attack scenario here ?

the attacker only has access to the memory of your machine after the password is processed ?

when does this occur ?
 

Posts:37,103
Registered: 3/30/99
Re: Secure Deletion of Character Array  
Aug 3, 2004 7:43 AM (reply 14 of 24)



 
what is the attack scenario here ?

the attacker only has access to the memory of your
machine after the password is processed ?

when does this occur ?

I would imagine that it's fairly unlikely scenario, but not impossible. For example, if this is a shared computer, the person who comes up behind me may peek around memory after my program has completed, and if no other program has incidentally overwritten those chars, the attacker can find them.

I think in this case it's really just more of a best practices issue though--don't allow the plaintext password to exist anywhere but in the principal's head any longer than is necessary.
 
This topic has 24 replies on 2 pages.    1 | 2 | Next »