tomaswolf commented on pull request #128: URL: https://github.com/apache/mina-sshd/pull/128#issuecomment-623151079
Re char[] vs String: at least I can clear a char[] once the password isn't needed anymore. With a String I cannot do so, and sensitive data (the user-entered passphrase) can survive in memory for unspecified amounts of time, which some people consider a security risk. If I were to write some ssh-keygen clone in Java, I might use Console.readPassword() to get the passphrase from the user and have char[] throughout. But I won't insist; if you prefer String, we can also drop this.

Re: API using SecureByteArrayOutputStream: again, limit leaking sensitive data (especially when one writes an unencrypted private key). Forces a user to use a mechanism to write keys to files as shown in the test: once the file is written, the byte array is cleared. (And the test doesn't use a buffered stream but a Channel directly.) With a general OutputStream it might be a tad simpler to write a key to a file, but one has no control over the various buffers involved. But again, feel free to change this to plain OutputStream, maybe with a recommendation in the javadoc to use some secure stream.

----------------------------------------------------------------
This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.
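The pattern discussed in the comment above, as an added example that is not code from the pull request or from Apache MINA SSHD: a passphrase kept as char[] and wiped after use, and key bytes written through a Channel from a buffer that is zeroed afterwards. `WipeDemo`, `WipeableOutputStream`, `view()`, `wipe()` and `encode()` are hypothetical names; only JDK classes are used, and the passphrase and "key material" are constructed sample values.

```java
import java.io.ByteArrayOutputStream;
import java.nio.ByteBuffer;
import java.nio.CharBuffer;
import java.nio.channels.FileChannel;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.StandardOpenOption;
import java.util.Arrays;

public class WipeDemo {
    // Hypothetical stand-in for a secure stream: exposes its buffer without copying and can zero it.
    static final class WipeableOutputStream extends ByteArrayOutputStream {
        WipeableOutputStream(int capacity) { super(capacity); } // pre-size: growth would leave an unwiped old array
        ByteBuffer view() { return ByteBuffer.wrap(buf, 0, count); } // unlike toByteArray(), makes no extra copy
        void wipe() { Arrays.fill(buf, (byte) 0); reset(); }
    }

    // Encodes a passphrase to UTF-8 without ever creating an immutable String.
    static byte[] encode(char[] passphrase) {
        ByteBuffer bb = StandardCharsets.UTF_8.encode(CharBuffer.wrap(passphrase));
        byte[] out = new byte[bb.remaining()];
        bb.get(out);
        if (bb.hasArray()) Arrays.fill(bb.array(), (byte) 0); // wipe the encoder's temporary buffer
        return out;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample; an interactive tool would call System.console().readPassword().
        char[] passphrase = {'d', 'e', 'm', 'o'};
        byte[] secret = encode(passphrase);
        Arrays.fill(passphrase, '\0'); // the char[] can be cleared; a String could not

        Path target = Files.createTempFile("demo-key", ".tmp");
        WipeableOutputStream out = new WipeableOutputStream(4096);
        try (FileChannel ch = FileChannel.open(target, StandardOpenOption.WRITE)) {
            out.write(secret, 0, secret.length); // stand-in for a key serializer writing into the stream
            ByteBuffer view = out.view();
            while (view.hasRemaining()) ch.write(view); // Channel write, no BufferedOutputStream in between
        } finally {
            out.wipe();                      // zero the stream's buffer once the file is written
            Arrays.fill(secret, (byte) 0);   // and the intermediate byte[]
        }
        System.out.println("wrote " + Files.size(target) + " bytes; in-memory copies cleared");
        Files.delete(target);
    }
}
```

Wiping reduces how long the data stays reachable on the Java heap; it does not cover copies the JVM or the operating system may have made elsewhere.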
