someone

Reputation: 6572

Is it possible to take the password?

I have the following code:

public static void main(String[] args) {

    String plainTextpassword = "plaintextpassword";
    String encryptedPassword = getMd5Password(plainTextpassword);
}

Is there any possibility that someone can take my password before it is garbage collected, using a memory dump or any other way? If so, how can I overcome it?

Upvotes: 2

Views: 112

Answers (2)

someone

Reputation: 6572

According to the facts I collected, using a char array (char[]) is a best practice for storing passwords because:

"Since Strings are immutable, there is no way the contents of Strings can be changed, because any change will produce a new String, while if you use char[] you can still set all its elements to blank or zero. So storing a password in a character array clearly mitigates the security risk of stealing the password."

Upvotes: 0
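
An added example (not part of the answer above or of the question's code) showing the char[] approach that answer describes: the password is hashed without ever becoming a String, and every plaintext copy is overwritten in a finally block. The class name and the method md5OfPassword are hypothetical; MD5 is used only to mirror the question's getMd5Password.

```java
import java.nio.ByteBuffer;
import java.nio.CharBuffer;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;

public class PasswordWipeExample {

    // Hypothetical counterpart to the question's getMd5Password that accepts
    // char[] so the secret never has to live in an immutable String.
    static byte[] md5OfPassword(char[] password) throws NoSuchAlgorithmException {
        // Encode char[] -> UTF-8 bytes without creating an intermediate String.
        ByteBuffer encoded = StandardCharsets.UTF_8.encode(CharBuffer.wrap(password));
        byte[] bytes = new byte[encoded.remaining()];
        encoded.get(bytes);
        try {
            return MessageDigest.getInstance("MD5").digest(bytes);
        } finally {
            // Overwrite both intermediate plaintext copies made by the encoding step.
            Arrays.fill(bytes, (byte) 0);
            if (encoded.hasArray()) {
                Arrays.fill(encoded.array(), (byte) 0);
            }
        }
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        // Constructed sample input. Values written in source code end up in the
        // class file anyway; real code would obtain the char[] at runtime,
        // for example from System.console().readPassword().
        char[] password = {'p', 'l', 'a', 'i', 'n'};
        try {
            byte[] hash = md5OfPassword(password);
            System.out.println("digest length: " + hash.length);
        } finally {
            // Overwrite the caller's copy as soon as it is no longer needed.
            Arrays.fill(password, '\0');
        }
        System.out.println("first char zeroed: " + (password[0] == '\0'));
    }
}
```

Wiping shortens the time the plaintext stays on the heap; it does not stop a dump taken while the array is still populated.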

datenwolf

Reputation: 162164

"Is there any possibility that someone can take my password before it is garbage collected, using a memory dump or any other way?"

Yes, and it's possible even after garbage collection, as the contents of the memory are not immediately overwritten. That's the bad news.

The good news is that the OS should separate the address spaces between processes. I wrote "should" because occasionally some bug is found that can be exploited to overcome this separation; however, if such a bug is found, password protection is the least of your problems. So I'd not worry about that.

So the most severe thing to happen is that something in your own program's process goes AWOL. This can be due to bugs in your code or because you use some library with some bugs. However, if your program is bug-free (very unlikely, though) and your OS is bug-free (also unlikely, but still more likely than your own program being bug-free), then your password should be safe.

Upvotes: 1
