[Cryptography] Heartbleed and fundamental crypto programming practices

Phillip Hallam-Baker hallam at gmail.com
Sun Apr 13 08:53:01 EDT 2014


On Fri, Apr 11, 2014 at 9:30 PM, Twan van der Schoot <nanitous at xs4all.nl> wrote:
> Hi Ian,
>
> Probably stating the obvious, but it appears that Java Swing already provides a Swing component for passwords including a note how to erase the content of a pwd holding variable asap:
>
> http://docs.oracle.com/javase/tutorial/uiswing/components/passwordfield.html
>
> And it returns pwds in a char[] to boot!
>
> http://docs.oracle.com/javase/tutorial/displayCode.html?code=http://docs.oracle.com/javase/tutorial/uiswing/examples/components/PasswordDemoProject/src/components/PasswordDemo.java
>
> I wouldn't use byte[] to store user input, rather char[], because you don't want to handle all possible input methods like German, Dutch, English, Arabic, Traditional and Simplified Chinese. If you insist on using byte[], there are plenty of ways to do it right and quick.

I stopped using Java when Sun sued Microsoft. Microsoft does actually
do the right thing in .NET:

System.Security.SecureString

The data is encrypted and is disposed of properly.


In C my coding rule is, invariably, that I declare the only memory
allocator and this zeros all memory on acquisition and release. I
don't allow calls to malloc, strncmp and a bunch of other library
functions by disabling them with macros setting them to make a compile
error:

#ifndef restricted_calls
#define malloc(x) malloc_not_permitted()
#define free(x) free_not_permitted()
...
#endif

This approach does allow the functions to be used via pointers. But
code that does that is rarely a problem since the main reason to use
the pointers would be to enable the memory manager to be dropped out.


-- 
Website: http://hallambaker.com/
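
Added example, not part of the original message and not the author's code: one way the rule described above can be laid out in a single C file, with an allocator that zeros on acquisition and release, followed by the macro ban. The names secure_alloc, secure_free, secure_wipe and block_hdr are hypothetical, and the volatile-pointer wipe is an assumption about how to keep the compiler from dropping the stores.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Header stored in front of each payload so release knows how much to wipe.
   max_align_t keeps the payload suitably aligned for any type. */
typedef union { size_t size; max_align_t align; } block_hdr;

/* Wipe through a volatile pointer so the stores are not optimized away. */
static void secure_wipe(void *p, size_t n)
{
    volatile unsigned char *v = p;
    while (n--) *v++ = 0;
}

/* Zero on acquisition: the caller never sees stale heap contents. */
void *secure_alloc(size_t n)
{
    if (n > SIZE_MAX - sizeof(block_hdr)) return NULL;  /* size overflow */
    block_hdr *h = malloc(sizeof *h + n);
    if (h == NULL) return NULL;
    h->size = n;
    secure_wipe(h + 1, n);
    return h + 1;
}

/* Zero on release: wipe payload and header before the heap gets them back. */
void secure_free(void *p)
{
    if (p == NULL) return;
    block_hdr *h = (block_hdr *)p - 1;
    secure_wipe(h, sizeof *h + h->size);
    free(h);
}

/* From here on a direct call fails to build, as in the post; the file that
   implements the allocator would define restricted_calls to opt out. */
#ifndef restricted_calls
#define malloc(x) malloc_not_permitted()
#define free(x)   free_not_permitted()
#endif

int main(void)
{
    unsigned char *key = secure_alloc(32);   /* arrives zeroed */
    if (key == NULL) return 1;
    secure_free(key);                        /* wiped, then released */
    return 0;
}
```
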

