Win a copy of Java Mock Exams (software) this week in the Programmer Certification (OCPJP) forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic

password in memory

 
Jim Frank
Greenhorn
Posts: 27
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I have to get rid of a password in memory after decrypted and used. The password is encypt and decrypt with JCE. I was thinking such:

StringBuffer x = Pass.decrypt();

//use it

for(d=0; d<x.length();d++)
x.setCharAt(d,'X');

x=null;

I guess I have to do the same thing to the decrypted password in the decrypt() method.

Any thoughts?
 
joseph edwards
Greenhorn
Posts: 12
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You can store the encrypted password in the heap, and have each function that needs the password to decrypt the password as a local variable on the stack. As stack memory is very temporary unlike heap memory, the clear-text password will only be visible for a limited amount of time.

Originally posted by Jim Frank:
I have to get rid of a password in memory after decrypted and used. The password is encypt and decrypt with JCE. I was thinking such:

StringBuffer x = Pass.decrypt();

//use it

for(d=0; d<x.length();d++)
x.setCharAt(d,'X');

x=null;

I guess I have to do the same thing to the decrypted password in the decrypt() method.

Any thoughts?
 
What are you doing? You are supposed to be reading this tiny ad!
the new thread boost feature brings a LOT of attention to your favorite threads
https://coderanch.com/t/674455/Thread-Boost-feature
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!