[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
  Web www.spinics.net

Re: [GNU Crypto] Passwords Immutable?

Hash: SHA1

>>>>> "Bryan" == Bryan Hoover <bhoover@xxxxxxxx> writes:

Bryan> So there may be a couple of minor implementation questions:

Bryan> 1.  Should Password make a copy?

I think it should in the constructor, and probably a (byte[],int,int)
constructor should be added.

Bryan> 2.  Should SRPClient this.password be char[] or Password?

I'd say Password, because if Password.destroy() is called we wouldn't
want a variable to change on us without notice.

Bryan> Finally, I wasn't sure whether to throw an exception on
Bryan> password access attempts subsequent to calling destroy().  I do
Bryan> not.

Probably an `IllegalStateException' is appropriate when getPassword is
called on a destroyed object. It's arguably better then letting code
use erased passwords, and failing in difficult-to-understand ways.

Bryan> Sorry so wordy.

Bryan> Feel free to use or not -- though I hope you will.  I can also
Bryan> add the code to pivot (and whatever else) relative to which
Bryan> password property use if you want to go with the additional
Bryan> property option for compatibility.  I had fun doing it, and
Bryan> will use it in my compile.

We'd need copyright assignment in order to include these patches. But
this is a really simple thing to do, so I can implement this myself.
That is, of course, unless you have a desire to contribute more ;)

- -- 
Casey Marshall || csm@xxxxxxx
Version: GnuPG v1.2.3 (GNU/Linux)
Comment: Processed by Mailcrypt 3.5.7 <http://mailcrypt.sourceforge.net/>


gnu-crypto-discuss mailing list

[Home]     [Gnu Classpath]     [Linux Kernel]     [Linux Cryptography]     [Fedora]     [Fedora Directory]     [Red Hat Development]     [Red Hat 9 Bible]     [Fedora Bible]     [Red Hat 9]     [Network Security Reading]

  Powered by Linux