Re: [GNU Crypto] Passwords Immutable?

[Matthew Sackman]

On Mon, Apr 12, 2004 at 02:41:14PM -0700, Casey Marshall wrote:
> What I would probably do is introduce some new classes, e.g.
> 
> public final class Password {
>   private final char[] password;
>   public Password (char[]);
>   public char[] getPassword();
>   public void destroy();
> }
> 
> Which makes more sense than a char array, and even kind of makes more
> sense than a String. The sensitive data is immutable, but erasable,
> and it is wrapped in an object that is sensible for it's purpose.
> 
> There's also the javax.security.auth.Destroyable interface, which any
> JVM worth it's salt should be written to respect.

And now in 1.5 there's java.security.KeyStore.PasswordProtection which
does everything that's needed. So I would simply use that and state that
there are significant security concerns with using the crypto library
with any JVM which doesn't implement version 1.5 or higher.

I really don't see the point in writing code which is most likely to
provide no additional security especially considering how rapid the
switch to 1.5 will probably be. So I'd just use the PasswordProtection
class if available and not bother if it's not.

Matthew
-- 
Matthew Sackman

BOFH excuse #415:
Maintenance window broken