[jira] [Comment Edited] (SSHD-709) All passwords should be stored as char[] instead of String and wiped after use

Fri, 25 Nov 2016 05:57:09 -0800 

    [ 
https://issues.apache.org/jira/browse/SSHD-709?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15594922#comment-15594922
 ] 

Goldstein Lyor edited comment on SSHD-709 at 11/25/16 1:55 PM:
---------------------------------------------------------------

While the idea is valid, I am not sure it is feasible - after all, users are 
likely to use {{String}}-s as they are the most useful (e.g., reading from 
files, keyboard, etc.), so even if SSHD is eventually provided with {{char[]}} 
the _String_ from which it originated is still there. Furthermore, the password 
identity of the client session must be stored anyway, so dumping the memory 
would show the password even if stored as {{char[]}}. I am not sure the 
vulnerability can really be mitigated if using {{char[]}} instead of 
_String_(s). I have added (separate branch still under development) some 
methods to {{Buffer}} (see _putChars_, _putAndWipeChars/Bytes_) in case we 
pursue this. I have tried to modify _UserInteraction_ and other password 
related code to use a {{char[]}} instead of a {{String[]}} but abandoned the 
idea as the revolution in the code did not seem worth the evolution in it.


was (Author: lgoldstein):
While the idea is valid, I am not sure it is feasible - after all, users are 
likely to use {{String}}-s as they are the most useful (e.g., reading from 
files, keyboard, etc.), so even if SSHD is eventually provided with {{char[]}} 
the _String_ from which it originated is still there. Furthermore, the password 
identity of the client session must be stored anyway, so dumping the memory 
would show the password even if stored as {{char[]}}. I am not sure the 
vulnerability can really be mitigated if using {{char[]}} instead of 
_String_(s). I have added (separate branch still under development) some 
methods to {{Buffer}} (see _putChars_, _putAndWipeChars/Bytes_) in case we 
pursue this. I have tried to modify_UserInteraction_ and other password related 
code to use a {{char[]}} instead of a {{String[]}} but abandoned the idea as 
the revolution in the code did not seem worth the evolution in it.

> All passwords should be stored as char[] instead of String and wiped after use
> ------------------------------------------------------------------------------
>
>                 Key: SSHD-709
>                 URL: https://issues.apache.org/jira/browse/SSHD-709
>             Project: MINA SSHD
>          Issue Type: Improvement
>            Reporter: Guillaume Nodet
>            Priority: Minor
>




--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to