| [Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] |
Hello, Had a question. Thought I'd join the list. I'm integrating the SRP (client, and server) mechanism into a sourceforge project. It's been going without a hitch. Very nice. The question of String immutability came up -- Java String hangs around in memory indefinitly and this supposedly makes it vulnerable to memory sniffing. I've tracked down that the library uses a HashMap String property for the password. It's converted to a char array before processing. Anyone know whether there's anything to the notion that the String password in the HashMap could be sniffed by someone on the local network? Is it a serious problem? I'm playing around with the code at the moment, thinking about setting the property as a StringBuffer, or char array, and then doing the necessary conversion when the property is read by the lower level routines. Would be easy enough. OR, perhaps there's a way around this I've missed? I hope I havn't touched a nerve with this, as I'm joining the group blindly, without having read any of the messages for context or anything. I'm new to Java, so sorry if I'm off base with the String question. Regards, Bryan -- At least the vulture kept on pecking at Prometheus's liver, and Loki had the poison constantly dripping down on him; at least there was an interruption, however monotonous. - (Soren Kierkegaard - Either/Or) http://www.wecs.com/content.htm This signature file is generated by Pick-a-Tag ! Written by Jeroen van Vaarsel http://www.google.com/search?hl=en&ie=ISO-8859-1&q=pick-a-tag _______________________________________________ gnu-crypto-discuss mailing list gnu-crypto-discuss@xxxxxxx http://mail.nongnu.org/mailman/listinfo/gnu-crypto-discuss
[Home] [Gnu Classpath] [Linux Kernel] [Linux Cryptography] [Fedora] [Fedora Directory] [Red Hat Development] [Red Hat 9 Bible] [Fedora Bible] [Red Hat 9] [Network Security Reading]
|