[ 
https://issues.apache.org/jira/browse/KAFKA-17014?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17856666#comment-17856666
 ] 

Tsz-wo Sze commented on KAFKA-17014:
------------------------------------

I suggest the following changes:
{code}
@@ -88,11 +92,11 @@ public class ScramFormatter {
         return result;
     }
 
-    public static byte[] normalize(String str) {
-        return toBytes(str);
+    public static byte[] normalize(char[] chars) {
+        return toBytes(chars);
     }
 
-    public byte[] saltedPassword(String password, byte[] salt, int iterations) 
throws InvalidKeyException {
+    public byte[] saltedPassword(char[] password, byte[] salt, int iterations) 
throws InvalidKeyException {
         return hi(normalize(password), salt, iterations);
     }
 
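Review bot: removing the String overloads of normalize and saltedPassword outright is a public-API break for existing callers of ScramFormatter; keep `normalize(String)` and `saltedPassword(String, byte[], int)` as deprecated one-line delegates to the new char[] versions (e.g. `return normalize(str.toCharArray());`) so callers can migrate incrementally. Also, in `return hi(normalize(password), salt, iterations);` the byte[] produced by normalize(password) is a second in-memory copy of the password that is never zeroed; hold it in a local, pass it to hi, and `Arrays.fill` it in a finally block, and document in the Javadoc that the caller is expected to clear the char[] it passed in, since a char[] parameter by itself erases nothing.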
@@ -168,11 +172,20 @@ public class ScramFormatter {
         return toBytes(secureRandomString(random));
     }
 
+    public static byte[] toBytes(char[] chars) {
+      final CharsetEncoder encoder =  StandardCharsets.UTF_8.newEncoder();
+      try {
+        return encoder.encode(CharBuffer.wrap(chars)).array();
+      } catch (CharacterCodingException e) {
+        throw new IllegalStateException("Failed to encode " + 
Arrays.toString(chars), e);
+      }
+    }
+
     public static byte[] toBytes(String str) {
         return str.getBytes(StandardCharsets.UTF_8);
     }
 
-    public ScramCredential generateCredential(String password, int iterations) 
{
+    public ScramCredential generateCredential(char[] password, int iterations) 
{
         try {
             byte[] salt = secureRandomBytes();
             byte[] saltedPassword = saltedPassword(password, salt, iterations);
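Review bot: `encoder.encode(CharBuffer.wrap(chars)).array()` in the new toBytes(char[]) is incorrect: CharsetEncoder.encode returns a ByteBuffer whose backing array is in general larger than the encoded content (limit below capacity), so the returned array carries trailing unused bytes and the salted password derived from it will not match one derived from toBytes(String) for the same password. Copy exactly the encoded bytes out (`ByteBuffer bb = encoder.encode(CharBuffer.wrap(chars)); byte[] out = new byte[bb.remaining()]; bb.get(out);`) and then zero `bb.array()`, which is yet another copy of the password. Separately, the IllegalStateException message concatenates `Arrays.toString(chars)`, which places the password in the exception text and in any log it reaches, defeating the purpose of this issue; report only that encoding failed. Minor: the new method is indented with 2 spaces while the rest of the class uses 4.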
{code}


> ScramFormatter should not use String for password.
> --------------------------------------------------
>
>                 Key: KAFKA-17014
>                 URL: https://issues.apache.org/jira/browse/KAFKA-17014
>             Project: Kafka
>          Issue Type: Improvement
>          Components: security
>            Reporter: Tsz-wo Sze
>            Priority: Major
>
> Since String is immutable, there is no easy way to erase a String password 
> after use.  We should not use String for password.  See also  
> https://stackoverflow.com/questions/8881291/why-is-char-preferred-over-string-for-passwords



--
This message was sent by Atlassian Jira
(v8.20.10#820010)