1

I was passing sensitive information (between my app and backend), like a password, in String format. Later on I realized that the password can easily be read from a heap memory dump, as it is stored in text format.

String password = "super_password";

So I decided to use a char array,

char[] passChar = password.toCharArray();

but I am worried that password can still be read from memory dump character by character. Then I thought of using byte array instead.

byte[] passByte = password.getBytes();

My question: Is it safe to use a byte array for passing sensitive information like a password? Or can anyone recommend anything secure?

2
  • 2
    If it could still be read char by char, what's to stop the person doing that from reading it byte by byte and converting it back manually? Commented Dec 4, 2014 at 1:00
  • @Pokechu22 I believe he is referencing this. Commented Dec 4, 2014 at 1:08

4 Answers

2

Password-oriented APIs in Java use char[]. For example, Console and JPasswordField return character arrays from password input, and PBEKey and KeyStore require a char[] for password-based encryption.

Conversion between byte[] and char[] would create more copies of the sensitive data in the heap, and it could be difficult to ensure that the character encoder erased all password data from its internal buffers.

Use a char[] to store passwords, and write '\0' to the array as soon as the password is no longer necessary.
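
The conversion concern above, as an added example that is not part of the original answer: encoding a `char[]` password to UTF-8 through a caller-owned scratch buffer, so that every intermediate copy can be wiped. The class name `PasswordBuffers`, the helper `toUtf8` and the sample password are hypothetical and constructed for illustration.

```java
import java.nio.ByteBuffer;
import java.nio.CharBuffer;
import java.nio.charset.CharsetEncoder;
import java.nio.charset.CoderResult;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;

public class PasswordBuffers {

    /** Encodes a password to UTF-8 without creating a String. The caller wipes the result. */
    static byte[] toUtf8(char[] password) {
        CharsetEncoder encoder = StandardCharsets.UTF_8.newEncoder();
        // Caller-owned scratch buffer sized for the worst case. The convenience
        // Charset.encode() may grow its buffer by reallocating, which leaves
        // earlier partial copies on the heap that the caller cannot wipe.
        int max = (int) Math.ceil(password.length * (double) encoder.maxBytesPerChar());
        ByteBuffer scratch = ByteBuffer.allocate(max);
        try {
            CoderResult result = encoder.encode(CharBuffer.wrap(password), scratch, true);
            if (result.isError()) {
                throw new IllegalArgumentException("password is not valid UTF-16");
            }
            encoder.flush(scratch);
            scratch.flip();
            byte[] out = new byte[scratch.remaining()];
            scratch.get(out);
            return out;
        } finally {
            Arrays.fill(scratch.array(), (byte) 0); // wipe the intermediate copy
        }
    }

    public static void main(String[] args) {
        // Constructed sample; real code would take this from Console.readPassword().
        char[] password = {'s', 'u', 'p', 'e', 'r', '_', 'p', 'w'};
        byte[] encoded = null;
        try {
            encoded = toUtf8(password);
            System.out.println("encoded " + encoded.length + " bytes for transmission");
        } finally {
            Arrays.fill(password, '\0'); // wipe as soon as the password is no longer needed
            if (encoded != null) {
                Arrays.fill(encoded, (byte) 0);
            }
        }
    }
}
```

Wiping shortens the exposure window; it does not remove copies that a moving garbage collector may already have made.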


1

chars are just multi-byte representations of characters, so a memory dump would give pretty much the same results. You should look into encrypting passwords for storage, as in this Stack Overflow answer: Encrypt Password in Configuration Files? (Java)


1

Maybe you can encrypt the password with MD5 or other encryption.

package test.md5;

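import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;

public class MD5Util {
    public final static String MD5(String s) {
        char hexDigits[]={'0','1','2','3','4','5','6','7','8','9','A','B','C','D','E','F'};

        try {
            // use an explicit charset so the result does not depend on the platform default
            byte[] btInput = s.getBytes(StandardCharsets.UTF_8);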
            // get MD5 MessageDigest obj
            MessageDigest mdInst = MessageDigest.getInstance("MD5");
            // update
            mdInst.update(btInput);
            // get encryption string
            byte[] md = mdInst.digest();
            // change to hexadecimal
            int j = md.length;
            char str[] = new char[j * 2];
            int k = 0;
            for (int i = 0; i < j; i++) {
                byte byte0 = md[i];
                str[k++] = hexDigits[byte0 >>> 4 & 0xf];
                str[k++] = hexDigits[byte0 & 0xf];
            }
            return new String(str);
        } catch (Exception e) {
            e.printStackTrace();
            return null;
        }
    }

    public static void main(String[] args) {
        System.out.println(MD5Util.MD5("20121221"));
        System.out.println(MD5Util.MD5("encrypt"));
    }
}

3 Comments

md5 is not encryption.
My English is poor, sorry.
It's not just an issue of terminology (English). MD5 is a hashing algorithm. While there are some situations where passwords should be hashed, hashing is very different from encryption, in that the hashed data is not recoverable. So if we're trying to pass sensitive information from one place to another, hashing will not help unless you really don't need the information to be preserved.
0

I am assuming that this question primarily relates to transferring of the password from one process on one host to another process on another host but will cover reading in the password to a particular variable as well.

The assignment issue is not limited to just assigning the password to a String instance, which suffers from the issues that have been detailed in other SF answers such as this. I would add that you use a char or byte array not in the global context but locally in a method context, so that it goes out of scope quickly once the method is exited, making it available for GC. If the variable is in the young generation, then multiple GC cycles would be required to clear it once it has gone out of scope. Plus, char/byte[] are mutable, so they can be cleared out as well. However, there would still be an opportunity for the password to be recovered from a heap dump if one coincides with this time.

In short:

  1. Never persist the password in clear text in the backend. [Use Hashing with salt. Detailed here.]
  2. Never transfer the password in clear text on a non-secure medium. [Use TLS between the hosts]
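
Point 1 of the list above, as an added example that is not part of the original answer: a salted password hash computed with the JDK's PBKDF2 implementation, which takes the password as a `char[]`. The class name `SaltedPasswordHash`, the iteration count and the sample passwords are assumptions chosen for illustration.

```java
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class SaltedPasswordHash {
    static final int ITERATIONS = 600_000; // assumed work factor; tune for your hardware
    static final int SALT_BYTES = 16;
    static final int HASH_BITS = 256;

    /** Fresh random salt, stored next to the hash (it is not secret). */
    static byte[] newSalt() {
        byte[] salt = new byte[SALT_BYTES];
        new SecureRandom().nextBytes(salt);
        return salt;
    }

    static byte[] hash(char[] password, byte[] salt) throws GeneralSecurityException {
        PBEKeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, HASH_BITS);
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                    .generateSecret(spec).getEncoded();
        } finally {
            spec.clearPassword(); // PBEKeySpec keeps its own clone of the password
        }
    }

    static boolean verify(char[] attempt, byte[] salt, byte[] stored)
            throws GeneralSecurityException {
        byte[] candidate = hash(attempt, salt);
        try {
            return MessageDigest.isEqual(candidate, stored); // constant-time comparison
        } finally {
            Arrays.fill(candidate, (byte) 0);
        }
    }

    public static void main(String[] args) throws GeneralSecurityException {
        char[] password = {'c', 'o', 'n', 's', 't', 'r', 'u', 'c', 't', 'e', 'd'}; // constructed sample
        char[] wrong = {'g', 'u', 'e', 's', 's'};                                 // constructed sample
        try {
            byte[] salt = newSalt();
            byte[] stored = hash(password, salt); // persist salt + stored, never the password
            System.out.println("correct password accepted: " + verify(password, salt, stored));
            System.out.println("wrong password accepted:   " + verify(wrong, salt, stored));
        } finally {
            Arrays.fill(password, '\0');
            Arrays.fill(wrong, '\0');
        }
    }
}
```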

1 Comment

@Lucky_Singh: If this info helped, then please help me in increasing my reputation by accepting and / or upvoting.
