[Cryptography] Heartbleed and fundamental crypto programming practices

ianG iang at iang.org
Fri Apr 11 09:57:54 EDT 2014


On 10/04/2014 07:15 am, Jerry Leichter wrote:

> ...Also, since String's are immutable in Java, you have the problem that even if you know you've got sensitive data you no longer need stored in a String ... there's   nothing you can do to get rid of it.)

That problem - exactly, does anyone know a solution in Java to cleansing
Strings?

(I write the password, etc code in byte[] but sometimes one has to have
a String, such as asking the user for some input, .. like a password.)

iang


More information about the cryptography mailing list