[Cryptography] Heartbleed and fundamental crypto programming practices
ianG
iang at iang.org
Sat Apr 12 11:52:49 EDT 2014
On 11/04/2014 21:18 pm, Twan van der Schoot wrote:
> Hi Ian,
>
> Probably stating the obvious, but it appears that Java Swing already provides a Swing component for passwords including a note how to erase the content of a pwd holding variable asap:
>
> http://docs.oracle.com/javase/tutorial/uiswing/components/passwordfield.html
Thanks, I was just too lazy or too busy, will read.
> And it returns pwds in a char[] to boot!
Chars aren't any good because the crypto algorithms need bytes. Let's
not suggest the alternate to anyone ;)
> http://docs.oracle.com/javase/tutorial/displayCode.html?code=http://docs.oracle.com/javase/tutorial/uiswing/examples/components/PasswordDemoProject/src/components/PasswordDemo.java
Hmmm, yes, thanks. And I even found the switch to make the passwords
not be starred so people can remember them and type them in more
clearly. Old practices from the terminal lab die hard.
iang
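
The char[]-versus-bytes point discussed in this message, as an added example that is not part of the original post or of the Oracle tutorial: it encodes a password held in a char[] to bytes without creating an intermediate String, then wipes every copy it controls. The class name `PasswordBytes`, the helper `toUtf8`, the choice of UTF-8 and the sample password are assumptions made for illustration.

```java
import java.nio.ByteBuffer;
import java.nio.CharBuffer;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Arrays;

public class PasswordBytes {

    /** Encode to UTF-8 without an intermediate String; the caller wipes the result. */
    static byte[] toUtf8(char[] password) {
        ByteBuffer buf = StandardCharsets.UTF_8.encode(CharBuffer.wrap(password));
        byte[] out = new byte[buf.remaining()];
        buf.get(out);
        // The encoder's backing array still holds a copy of the secret; wipe it too.
        if (buf.hasArray()) {
            Arrays.fill(buf.array(), (byte) 0);
        }
        return out;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample. In a Swing UI this array would come from
        // JPasswordField.getPassword() instead of a literal.
        char[] password = {'c', 'o', 'r', 'r', 'e', 'c', 't', ' ', 'h', 'o', 'r', 's', 'e'};
        byte[] secret = toUtf8(password);
        try {
            // Stand-in for any byte-oriented primitive (a KDF or MAC in practice);
            // a bare SHA-256 is used only to show the bytes being consumed.
            byte[] digest = MessageDigest.getInstance("SHA-256").digest(secret);
            System.out.println("digest bytes: " + digest.length);
        } finally {
            // Erase both representations as soon as the crypto call returns.
            Arrays.fill(password, '\0');
            Arrays.fill(secret, (byte) 0);
        }
        System.out.println("password wiped: " + (password[0] == '\0'));
        System.out.println("secret wiped:   " + (secret[0] == 0));
    }
}
```

Wiping is best effort on the JVM: a moving garbage collector may have left earlier copies of either array elsewhere on the heap.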