You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@mina.apache.org by "Goldstein Lyor (JIRA)" <ji...@apache.org> on 2016/10/21 12:18:58 UTC

[jira] [Comment Edited] (SSHD-709) All passwords should be stored as char[] instead of String and wiped after use

    [ https://issues.apache.org/jira/browse/SSHD-709?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15594922#comment-15594922 ] 

Goldstein Lyor edited comment on SSHD-709 at 10/21/16 12:18 PM:
----------------------------------------------------------------

While the idea is valid, I am not sure it is feasible - after all, users are likely to use {{String}}-s as they are the most useful (e.g., reading from files, keyboard, etc.), so even if SSHD is eventually provided with {{char[]}} the _String_ from which it originated is still there. Furthermore, the password identity of the client session must be stored anyway, so dumping the memory would show the password even if stored as {{char[]}}. I am not sure the vulnerability can really be mitigated if using {{char[]}} instead of _String_(s). I have added (separate branch still under development) some methods to {{Buffer}} (see _putChars_, _putAndWipeChars/Bytes_) in case we pursue this, and have modified _UserInteraction_ to use a {{List<char[]>}} instead of a {{String[]}} but this is as far as I can see this being useful.


was (Author: lgoldstein):
While the idea is valid, I am not sure it is feasible - after all, users are likely to use {{String}}-s as they are the most useful (e.g., reading from files, keyboard, etc.), so even if SSHD is eventually provided with {{char[]}} the _String_ from which it originated is still there. Furthermore, the password identity of the client session must be stored anyway, so dumping the memory would show the password even if stored as {{char[]}}. I am not sure the vulnerability can really be mitigated if using {{char[]}} instead of _String_(s). I have added some methods to {{Buffer}} (see _putChars_, _putAndWipeChars/Bytes_) in case we pursue this, and have modified _UserInteraction_ to use a {{List<char[]>}} instread of a {{String[]}} but this is as far as I can see this being useful.

> All passwords should be stored as char[] instead of String and wiped after use
> ------------------------------------------------------------------------------
>
>                 Key: SSHD-709
>                 URL: https://issues.apache.org/jira/browse/SSHD-709
>             Project: MINA SSHD
>          Issue Type: Improvement
>            Reporter: Guillaume Nodet
>            Assignee: Goldstein Lyor
>            Priority: Minor
>




--
This message was sent by Atlassian JIRA
(v6.3.4#6332)