[Cryptography] Heartbleed and fundamental crypto programming practices

ianG iang at iang.org
Fri Apr 11 17:02:26 EDT 2014


Hi Twan,

On 11/04/2014 13:39 pm, Twan van der Schoot wrote:
> Why not design your system around StringBuffer rather than String?
> 
> It has the advantage that its access is synchronized. If you need the access speed (which I sincerely doubt), use StringBuilder, its functionality is similar to StringBuffer, but not sync'ed.


No, the problem is precisely *not choice* in that in order to get a
SWING element, one has to use the SWING methods available.  In this
context, the JTextField.getText() returns a String.


> On 11 apr. 2014, at 15:57, ianG <iang at iang.org> wrote:
> 
>> On 10/04/2014 07:15 am, Jerry Leichter wrote:
>>
>>> ...Also, since Strings are immutable in Java, you have the problem that even if you know you've got sensitive data you no longer need stored in a String ... there's nothing you can do to get rid of it.)
>>
>> That problem - exactly, does anyone know a solution in Java to cleansing
>> Strings?
>>
>> (I write the password, etc code in byte[] but sometimes one has to have
>> a String, such as asking the user for some input, .. like a password.)
> 
> Using which interface?


OK, I suppose I could further investigate SWING and see if there is a
class that gives better byte[] access, etc.

iang
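
An added example, not part of the original message: the standard Swing class JPasswordField exposes getPassword(), which returns a char[] copy instead of an immutable String, so the caller can overwrite it. The class and method names below are hypothetical; the input is constructed.

```java
import javax.swing.JPasswordField;
import java.nio.ByteBuffer;
import java.nio.CharBuffer;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;

// Hypothetical class and method names; only the JDK calls are real APIs.
public class PasswordWipeExample {

    // Encode to UTF-8 bytes without ever building a String.
    static byte[] toUtf8(char[] chars) {
        ByteBuffer buf = StandardCharsets.UTF_8.encode(CharBuffer.wrap(chars));
        byte[] out = new byte[buf.remaining()];
        buf.get(out);
        if (buf.hasArray()) {
            Arrays.fill(buf.array(), (byte) 0); // encoder scratch copy
        }
        return out;
    }

    // Read the field as char[], convert to byte[], wipe the char[] copy.
    static byte[] readSecret(JPasswordField field) {
        char[] chars = field.getPassword(); // a fresh copy, not a String
        try {
            return toUtf8(chars);
        } finally {
            Arrays.fill(chars, '\0');
        }
    }

    public static void main(String[] args) {
        JPasswordField field = new JPasswordField();
        // Constructed sample input standing in for what a user would type.
        field.setText("correct horse battery staple");

        byte[] secret = readSecret(field);
        try {
            System.out.println("secret length in bytes: " + secret.length);
        } finally {
            Arrays.fill(secret, (byte) 0); // wipe once it is no longer needed
        }
        System.out.println("wiped: " + (secret[0] == 0));
    }
}
```

This clears only the arrays the calling code owns; copies held inside the Swing text model or relocated by the garbage collector are outside its reach.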


