Java Security Tip: Never Store Passwords in Strings
Using Java? You'd better handle your passwords in char arrays, and if you're wondering why, I'll tell you all about it here.
If you've ever used Swing before, you might have wondered why JPasswordField returns the password as a char array (getPassword() gives you a char[], and the old String-returning getText() has been deprecated for exactly this reason).
In order to understand this, we have to freshen up on the String class first. As you may know, the Java String class is immutable, meaning you cannot change its content once you've created it. Now think about where a password is actually used: you only need it in one place in your code, the authentication step (hashing it, deriving a key from it, or sending it to the server). After that, you don't need it anymore.
The trouble is that you are left with an immutable String holding the password, and there is no way to wipe it. It stays readable in the heap until the garbage collector eventually reclaims it, which may be a long time later, and every intermediate String built from it (trimming, concatenation, conversion) is another copy sitting around. If the String is also interned (by calling intern(), or because it came from a literal), it is held by the string pool and will in practice outlive the authentication step by a wide margin.
With a char array you keep control over the password's lifetime: as soon as you no longer need it, you overwrite every element (Arrays.fill(password, '\0') in a finally block) and drop the reference so the array can be collected. This does not make the password unobtainable; it only shrinks the window of time during which the plaintext sits in memory, and it only helps as long as you never convert the array back into a String (new String(chars) would hand you the original problem again). It is still one extra security measure in the right direction, and it costs almost nothing.
How would an attacker get at your password? Fairly simply: with code running on the victim's machine (an injected agent, a debugger, or just jmap against the process) they dump the heap and search it for sensitive strings. Memory also leaks out indirectly through crash dumps, core files and swap. That's the high-level view; there is plenty of material on memory-disclosure attacks and on the defences against them if you want to dig deeper.
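The pattern above in working code, as an added example that is not part of the original post. It reads the password into a char[] (from Console.readPassword() when a terminal is attached, otherwise from a constructed sample buffer so it runs anywhere), derives a PBKDF2 hash from it via PBEKeySpec, which is one of the few JDK APIs that accepts a char[] for exactly this reason, and wipes both the caller's buffer and the spec's internal copy in a finally block. The salt is a random value generated here; the iteration count is an assumption chosen for illustration.

```java
import java.io.Console;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public final class PasswordHandling {

    // Derives a PBKDF2-HMAC-SHA256 hash from the password and wipes every
    // copy of the plaintext before returning, whether or not an exception occurs.
    static byte[] derive(char[] password, byte[] salt) throws Exception {
        // PBEKeySpec copies the array, so there are now two plaintext buffers
        // to clear: the caller's and the spec's own copy.
        PBEKeySpec spec = new PBEKeySpec(password, salt, 210_000, 256);
        try {
            SecretKeyFactory f = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");
            return f.generateSecret(spec).getEncoded();
        } finally {
            spec.clearPassword();          // zeros the spec's internal copy
            Arrays.fill(password, '\0');    // zeros the caller's buffer
        }
    }

    // Anti-pattern kept here only for contrast: once the chars become a
    // String, that immutable copy cannot be wiped and lives until GC.
    static String leakyCopy(char[] password) {
        return new String(password);        // DO NOT do this with real passwords
    }

    public static void main(String[] args) throws Exception {
        char[] password;
        Console console = System.console();
        if (console != null) {
            password = console.readPassword("Password: ");   // char[], no String
        } else {
            // Constructed sample input so the example runs without a terminal.
            password = "correct horse battery staple".toCharArray();
        }

        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);

        byte[] hash = derive(password, salt);

        // By now the plaintext array has been overwritten; only the hash remains.
        System.out.println("password buffer wiped: " + isWiped(password));
        System.out.println("hash length (bytes):  " + hash.length);
    }

    // Returns true when every element of the buffer has been zeroed.
    static boolean isWiped(char[] buf) {
        for (char c : buf) {
            if (c != '\0') {
                return false;
            }
        }
        return true;
    }
}
```

Note the two separate clears in the finally block: PBEKeySpec makes its own copy of the array, so zeroing only the caller's buffer leaves a second plaintext copy behind. The wipe is still best effort: the JVM may have moved the array during a GC cycle, leaving a stale copy in the old location, which is why this shrinks the exposure window rather than eliminating it.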