[Cryptography] Heartbleed and fundamental crypto programming practices
Twan van der Schoot
nanitous at xs4all.nl
Fri Apr 11 13:39:53 EDT 2014
Why not design your system around StringBuffer rather than String?
It has the advantage that its access is synchronized. If you need the access speed (which I sincerely doubt), use StringBuilder; its functionality is similar to StringBuffer, but not sync'ed.
On 11 apr. 2014, at 15:57, ianG <iang at iang.org> wrote:
> On 10/04/2014 07:15 am, Jerry Leichter wrote:
>
>> ...Also, since Strings are immutable in Java, you have the problem that even if you know you've got sensitive data you no longer need stored in a String ... there's nothing you can do to get rid of it.)
>
> That problem - exactly, does anyone know a solution in Java to cleansing
> Strings?
>
> (I write the password, etc code in byte[] but sometimes one has to have
> a String, such as asking the user for some input, .. like a password.)
Using which interface?
/Twan
>
> iang
> _______________________________________________
> The cryptography mailing list
> cryptography at metzdowd.com
> http://www.metzdowd.com/mailman/listinfo/cryptography
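
Added example, not part of the original message or thread: one way to keep a password out of String objects in Java, reading it as a char[] via java.io.Console.readPassword, converting it to bytes without an intermediate String, and overwriting every mutable copy afterwards, including a StringBuilder. The class name SecretBuffers, the helpers toUtf8 and wipe, and the fallback sample value are assumptions made for illustration.

```java
import java.io.Console;
import java.nio.ByteBuffer;
import java.nio.CharBuffer;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;

public class SecretBuffers {
    // Encode to UTF-8 without ever materialising a String.
    static byte[] toUtf8(char[] secret) {
        ByteBuffer enc = StandardCharsets.UTF_8.encode(CharBuffer.wrap(secret));
        byte[] out = new byte[enc.remaining()];
        enc.get(out);
        if (enc.hasArray()) {
            Arrays.fill(enc.array(), (byte) 0); // encoder's scratch copy
        }
        return out;
    }

    // Overwrite the builder's current contents in place. Arrays abandoned by
    // earlier capacity growth are not reachable from here, so pre-size the
    // builder, and never call toString() on it (that makes an immutable copy).
    static void wipe(StringBuilder sb) {
        for (int i = 0; i < sb.length(); i++) {
            sb.setCharAt(i, '\0');
        }
        sb.setLength(0);
    }

    public static void main(String[] args) {
        Console console = System.console();
        char[] typed = (console != null) ? console.readPassword("Password: ") : null;
        // Constructed sample used when no terminal is attached (or on EOF).
        char[] password = (typed != null) ? typed : new char[] {'s', '3', 'c', 'r', 'e', 't'};
        StringBuilder sb = new StringBuilder(64); // capacity fixed up front
        sb.append(password);                      // append(char[]), no String involved
        byte[] key = toUtf8(password);
        try {
            System.out.println("secret is " + key.length + " bytes, " + sb.length() + " chars");
        } finally {
            Arrays.fill(password, '\0');
            Arrays.fill(key, (byte) 0);
            wipe(sb);
        }
    }
}
```

The wiping is best effort: a moving garbage collector may already have relocated the arrays and left stale copies in freed heap memory.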