You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@mina.apache.org by "Goldstein Lyor (JIRA)" <ji...@apache.org> on 2016/10/21 08:17:58 UTC

[jira] [Commented] (SSHD-709) All passwords should be stored as char[] instead of String and wiped after use

    [ https://issues.apache.org/jira/browse/SSHD-709?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15594447#comment-15594447 ] 

Goldstein Lyor commented on SSHD-709:
-------------------------------------

The [why is char\[\] preferred over String for passwords|http://stackoverflow.com/questions/8881291/why-is-char-preferred-over-string-for-passwords-in-java] article has some good insights as to why this is true and how to achieve this. Of course:
{quote}
there's still the time during which the char[] contains the actual characters as an attack window.
{quote}

> All passwords should be stored as char[] instead of String and wiped after use
> ------------------------------------------------------------------------------
>
>                 Key: SSHD-709
>                 URL: https://issues.apache.org/jira/browse/SSHD-709
>             Project: MINA SSHD
>          Issue Type: Bug
>            Reporter: Guillaume Nodet
>




--
This message was sent by Atlassian JIRA
(v6.3.4#6332)