[
https://issues.apache.org/jira/browse/SSHD-709?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15594447#comment-15594447
]
Goldstein Lyor commented on SSHD-709:
-------------------------------------
The [why is char\[\] preferred over String for
passwords|http://stackoverflow.com/questions/8881291/why-is-char-preferred-over-string-for-passwords-in-java]
article has some good insights as to why this is true and how to achieve this.
Of course:
{quote}
there's still the time during which the char[] contains the actual characters
as an attack window.
{quote}
> All passwords should be stored as char[] instead of String and wiped after use
> ------------------------------------------------------------------------------
>
> Key: SSHD-709
> URL: https://issues.apache.org/jira/browse/SSHD-709
> Project: MINA SSHD
> Issue Type: Bug
> Reporter: Guillaume Nodet
>
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
