wood burning stoves*
The moose likes Security and the fly likes password in memory Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Engineering » Security
Bookmark "password in memory" Watch "password in memory" New topic
Author

password in memory

Jim Frank
Greenhorn

Joined: Mar 13, 2004
Posts: 27
I have to get rid of a password in memory after decrypted and used. The password is encypt and decrypt with JCE. I was thinking such:

StringBuffer x = Pass.decrypt();

//use it

for(d=0; d<x.length();d++)
x.setCharAt(d,'X');

x=null;

I guess I have to do the same thing to the decrypted password in the decrypt() method.

Any thoughts?
joseph edwards
Greenhorn

Joined: Nov 26, 2005
Posts: 12
You can store the encrypted password in the heap, and have each function that needs the password to decrypt the password as a local variable on the stack. As stack memory is very temporary unlike heap memory, the clear-text password will only be visible for a limited amount of time.

Originally posted by Jim Frank:
I have to get rid of a password in memory after decrypted and used. The password is encypt and decrypt with JCE. I was thinking such:

StringBuffer x = Pass.decrypt();

//use it

for(d=0; d<x.length();d++)
x.setCharAt(d,'X');

x=null;

I guess I have to do the same thing to the decrypted password in the decrypt() method.

Any thoughts?
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: password in memory
 
Similar Threads
How return a string from java program to the shell which invokes thee java command
String Encryption
How to encrpt password -- Is the approach correct
No security in Java
Password encryption and decryption in java