Re: RFR: JDK-8209129 :Further improvements to cipher buffer management

2018-08-23 Thread Xuelei Fan
No idea. I may not use a printable character to zero a password. Xuelei On 8/23/2018 3:31 AM, Weijun Wang wrote: I have no more comment. As for fill(passwd, '\0'), maybe JVM can translate it to ZeroMemory() or memset(0). In fact, I don't know why originally it was fill(passwd, '0'). I can o

Re: RFR: JDK-8209129 :Further improvements to cipher buffer management

2018-08-23 Thread Seán Coffey
I made those minor edits in the end and pushed the changes. We should examine usage of Arrays.fill(passwd, '0') in other parts of the JDK as a follow up. regards, Sean. On 22/08/2018 23:01, Seán Coffey wrote: On 22 August 2018 19:22:49 IST, Ivan Gerasimov wrote: Hi Seán! Just a minor com

Re: RFR: JDK-8209129 :Further improvements to cipher buffer management

2018-08-23 Thread Weijun Wang
I have no more comment. As for fill(passwd, '\0'), maybe JVM can translate it to ZeroMemory() or memset(0). In fact, I don't know why originally it was fill(passwd, '0'). I can only guess that it can still be printed out as a normal string and if someone misuses it there won't be a NPE. Who know

Re: RFR: JDK-8209129 :Further improvements to cipher buffer management

2018-08-22 Thread Seán Coffey
On 22 August 2018 19:22:49 IST, Ivan Gerasimov wrote:
>Hi Seán!
>
>Just a minor comment.
>
>I don't know if it's even measurable in this context, but I was under
>impression that filling memory with zero *bytes* might be a slightly
>more efficient than filling with any other constant.
>
>May

Re: RFR: JDK-8209129 :Further improvements to cipher buffer management

2018-08-22 Thread Ivan Gerasimov
Hi Seán! Just a minor comment. I don't know if it's even measurable in this context, but I was under impression that filling memory with zero *bytes* might be a slightly more efficient than filling with any other constant. Maybe it is better to use Arrays.fill(passwd, '\0') instead of Array

Re: RFR: JDK-8209129 :Further improvements to cipher buffer management

2018-08-22 Thread Seán Coffey
Thanks for reviewing. comments inline.. On 22/08/18 15:50, Weijun Wang wrote: PBES2Core.java: 181 byte[] passwdBytes = key.getEncoded(); 182 char[] passwdChars = null; 183 PBEKeySpec pbeSpec; 184 try { 185 if ((passwdBytes == null) || 186

Re: RFR: JDK-8209129 :Further improvements to cipher buffer management

2018-08-22 Thread Weijun Wang
PBES2Core.java: 181 byte[] passwdBytes = key.getEncoded(); 182 char[] passwdChars = null; 183 PBEKeySpec pbeSpec; 184 try { 185 if ((passwdBytes == null) || 186 !(key.getAlgorithm().regionMatches(true, 0, "PBE", 0, 3))) { 187

Re: RFR: JDK-8209129 :Further improvements to cipher buffer management

2018-08-22 Thread Seán Coffey
Ping. I'd like to push on with this review. Regards, Sean. On 16/08/18 17:53, Seán Coffey wrote: Find new webrev here Max : http://cr.openjdk.java.net/~coffeys/webrev.8209129.v2/webrev/ regards : MD4.java: 110 void implReset() { Add @Override. There's a whole bunch of annotations

Re: RFR: JDK-8209129 :Further improvements to cipher buffer management

2018-08-16 Thread Seán Coffey
Find new webrev here Max : http://cr.openjdk.java.net/~coffeys/webrev.8209129.v2/webrev/ regards : MD4.java: 110 void implReset() { Add @Override. There's a whole bunch of annotations missing in these files, I'd prefer if it was fixed up with a different bug ID. another thing we're

Re: RFR: JDK-8209129 :Further improvements to cipher buffer management

2018-08-10 Thread Seán Coffey
Thanks for the review Max - comments inline.. Regards, Sean. On 10/08/18 11:53, Weijun Wang wrote: HmacPKCS12PBESHA1.java: 76 byte[] passwdBytes = key.getEncoded(); 77 if ((passwdBytes == null) || 78 !(key.getAlgorithm().regionMatches(true, 0, "

Re: RFR: JDK-8209129 :Further improvements to cipher buffer management

2018-08-10 Thread Weijun Wang
HmacPKCS12PBESHA1.java: 76 byte[] passwdBytes = key.getEncoded(); 77 if ((passwdBytes == null) || 78 !(key.getAlgorithm().regionMatches(true, 0, "PBE", 0, 3))) { 79 throw new InvalidKeyException("Missing password"); 80