The Char[] Cult
The article pushes back on the common advice to keep secrets in a char[] rather than a String in Java. Its core point: anyone who can dump the JVM's heap already has code execution or root on the box, and data that arrives from the network is parsed into Strings by the framework before application code ever sees it, so the char[] habit buys little against real-world attackers.
- The usual argument: a String is immutable and cannot be zeroed, so a secret held in one stays on the heap until the GC reclaims it (and indefinitely if it is a literal or has been interned into the String pool).
- Anyone who can dump the JVM's heap (via JMX, an instrumentation agent, LD_PRELOAD, or root) has already compromised the machine; at that point the in-memory representation of the secret does not matter.
- char[] cannot protect a secret that also exists as a String elsewhere (for example in a parsed HTTP request) or that has been paged out to swap.
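To make the argument concrete, here is an added example (not code from the article or its author) showing the textbook char[] pattern beside the case it cannot help with. The names checkPassword, constantTimeEquals and RequestParams are made up for this demo, the "stored credential" is a constructed plaintext rather than a salted hash, and the request object stands in for any web framework that has already materialised the request body as Strings:

```java
import java.util.Arrays;

/**
 * Added example (not from the article): the char[] pattern and its limit.
 * All names here are illustrative; RequestParams stands in for a framework
 * that has already parsed the HTTP request into Strings.
 */
public class CharArrayCult {

    // Constructed "stored credential" for the demo, built from a char array
    // literal so that it is not itself a pooled String literal. A real system
    // compares against a salted hash, never a plaintext.
    private static final char[] EXPECTED = {'h', 'u', 'n', 't', 'e', 'r', '2'};

    /** Constant-time comparison of two char arrays (no early exit on mismatch). */
    static boolean constantTimeEquals(char[] a, char[] b) {
        int diff = a.length ^ b.length;
        for (int i = 0; i < Math.min(a.length, b.length); i++) {
            diff |= a[i] ^ b[i];
        }
        return diff == 0;
    }

    /** The textbook pattern: consume the char[] and zero it on every exit path. */
    static boolean checkPassword(char[] password) {
        try {
            return constantTimeEquals(password, EXPECTED);
        } finally {
            // Best effort only: a GC copy or a swapped page may still hold the old bytes.
            Arrays.fill(password, '\0');
        }
    }

    /** Stand-in for a web framework's parsed request; the secret is already a String here. */
    static class RequestParams {
        final String password;
        RequestParams(String password) { this.password = password; }
    }

    public static void main(String[] args) {
        // Case 1: the secret only ever exists in a char[] we control (e.g. Console.readPassword()).
        char[] fromConsole = {'h', 'u', 'n', 't', 'e', 'r', '2'};
        boolean ok = checkPassword(fromConsole);
        System.out.println("auth=" + ok + " buffer after use=" + Arrays.toString(fromConsole));
        // The buffer now reads all '\0': the one copy we made is gone.

        // Case 2: the secret arrived over HTTP. The framework handed us a String.
        // (This literal is interned; a runtime-parsed String would not be, but it is
        // still immutable and stays on the heap until the GC collects it.)
        RequestParams req = new RequestParams("hunter2"); // constructed request
        char[] copy = req.password.toCharArray();
        ok = checkPassword(copy);
        System.out.println("auth=" + ok + " our copy=" + Arrays.toString(copy));
        // Our char[] is zeroed, but nothing in this method can erase the String.
        System.out.println("framework String still holds: " + req.password);
    }
}
```

Case 1 is the situation the char[] advice was written for, and there it does exactly what it promises. Case 2 is the situation most server code is actually in: the secret was a String before the application saw it, so zeroing the char[] copy removes one of at least two copies and changes nothing about what a heap dump or a swap file would reveal.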
Opening excerpt (first ~120 words)
I'm sure you've heard it before. "Never store sensitive information in a String because it can be stored on the heap indefinitely in the JVM's String pool and zeroing it out might not erase it." If someone is dumping the heap of a JVM, they're executing code locally on your machine. Whether they got access to JMX ports or added a Java instrumentation agent or LD_PRELOADed something in or have root on the machine doesn't matter. They compromised your machine, and you can only cover your ass at this point. Next, if your program is dealing with ANY requests from the Internet, congratulations, that potentially sensitive data is getting stored as, you guessed it, a String. Next, go open your computer settings and check how much of the memory is being swapped to the disk.
…
Excerpt limited to ~120 words for fair-use compliance. The full article is at Feds-will-find.