6

We already know about this suggestion/practice to use char[] instead of String for sensitive data. There are multiple reasons for it. One is to clean up the sensitive data right after it is not needed anymore:

char[] passwd = passwordProvider.getKeyStorePassword();
KeyStore keystore = KeyStore.getInstance("JKS");
// TODO: Create the input stream;
keystore.load(inputstream, passwd);
System.arraycopy(new char[passwd.length], 0, passwd, 0, passwd.length);
// Please continue...

Now the question: does it (i.e. using char[]) make sense (specifically the point mentioned above) when the sensitive data comes to you originally as a String value? For example:

char[] passwd = passwordProvider.getKeyStorePassword().toCharArray();
KeyStore keystore = KeyStore.getInstance("JKS");
// TODO: using the passwd, load the keystore;
System.arraycopy(new char[passwd.length], 0, passwd, 0, passwd.length);
// Please continue...

Thanks in advance.

UPDATE2: I'll rephrase the question: in this specific context (forget about changes in future or anything else), does the line "clearing the content of char array" do any good?

UPDATE1: it's not a duplication of Why is char[] preferred over String for passwords? I know what the story is. I'm asking in this specific context, does it still make sense?

asked Feb 3, 2017 at 9:50
4
  • 2
    Possible duplicate of Why is char[] preferred over String for passwords? Commented Feb 3, 2017 at 9:51
  • I think it makes some sense. It's better to have more security shields. Also, it'll ensure that if you ever switch to different password provider, you don't have to change your code. Commented Feb 3, 2017 at 9:53
  • You're right. But I wanted to learn if it makes sense in this specific context, to which the answer is no, not much. Commented Feb 4, 2017 at 9:29
  • 1
    As a late aside, Arrays.fill(passwd, '\0') is a better way to zero out an array because it avoids creating a new array. Commented Nov 21, 2022 at 10:39

1 Answer

6

It seems to me that it's a security problem in the design of the API of the password provider that it returns a String.

But, if you have to work with that API, converting to char[] immediately means that you aren't preventing the String instance from being GC'd, because you're not holding a reference to it for any longer than is absolutely necessary.

So, it makes sense to use char[] here because you "aren't making it worse".

answered Feb 3, 2017 at 9:58

8 Comments

We're close to what I'd like to learn: converting to char[] immediately. Does it change anything at low level if I store the result of the getKeyStorePassword method in a String variable first, and then convert it to char[]? From what I understand it should not make any difference. Is it right? (Assume no changes are allowed anywhere anytime)
@Rad invoking a.b().c() stores the result of a.b() on the stack, and then invokes c() on that. This is basically the same as putting it in a variable. The point is that if you have an explicit variable containing that intermediate result, you can - intentionally or otherwise - do something with it that causes it to leak. You can be diligent and carefully scrutinize your code to ensure this doesn't happen, or just not create the variable in the first place, thus not allowing the leakage to occur.
Of course, nothing stops you building another String from the char[] before you zero it out...
Got it, thanks. Just a clarification: ... stores the result of a.b() on the stack. I think you mean a reference to the result (in the heap since it's not primitive) will be stored on the stack. Right?
Yes, that's what I meant.
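
The pattern discussed in the answer and comments, as an added example (not code from the question, the answer or any commenter): convert the provider's String to char[] without naming the intermediate, wipe the array in a finally block with Arrays.fill, and observe that the wipe only affects the copy. `PasswordProvider` is a hypothetical interface standing in for the question's passwordProvider, and the keystore is an empty one built in memory with a constructed password.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.security.KeyStore;
import java.util.Arrays;

public class KeyStorePasswordDemo {
    // Hypothetical stand-in for the question's passwordProvider; it hands out a String.
    interface PasswordProvider { String getKeyStorePassword(); }

    // Builds an empty JKS keystore in memory so the example runs offline (constructed input).
    static byte[] emptyKeyStore(char[] pw) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        ks.load(null, null);
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        ks.store(out, pw);
        return out.toByteArray();
    }

    static KeyStore load(PasswordProvider provider, byte[] data) throws Exception {
        // Convert at once: no named String variable that could be logged or passed on by accident.
        char[] passwd = provider.getKeyStorePassword().toCharArray();
        try {
            KeyStore ks = KeyStore.getInstance("JKS");
            ks.load(new ByteArrayInputStream(data), passwd);
            return ks;
        } finally {
            // Wipe our copy even if load() throws; no temporary array is allocated.
            Arrays.fill(passwd, '\0');
        }
    }

    public static void main(String[] args) throws Exception {
        String secret = "constructed-sample-password"; // constructed sample value
        byte[] data = emptyKeyStore(secret.toCharArray());
        KeyStore ks = load(() -> secret, data);
        System.out.println("entries loaded: " + ks.size());

        // toCharArray() returns a copy, so wiping it leaves the String itself untouched.
        char[] copy = secret.toCharArray();
        Arrays.fill(copy, '\0');
        System.out.println("copy wiped: " + (copy[0] == '\0'));
        System.out.println("String still intact: " + secret.equals("constructed-sample-password"));
    }
}
```

The last two lines of main show why the answer says only that the conversion "isn't making it worse": the String returned by the provider keeps its contents until it is garbage collected, whatever happens to the char[].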