pleased to have helped!
Type: Posts; User: andbin
clear() plus an invocation of put(byte[]) passing a new byte[theCapacityOfByteBuffer] (that by itself has all zeros)
;)
From the javadoc documentation of clear() in Buffer:
"Clears this buffer. The position is set to zero, the limit is set to the capacity, and the mark is discarded.
[....]
This method does not...
To be honest, I left this option as the last ... because using the Arrays.equals method is a far better way to do this!
You have to explicitly fill the arrays and ByteBuffer to "clear" all...
Because, again for arrays, they don't redefine the equals() method, so what remains is the equals() inherited from Object, which is based only on object "identity": it compares only the references (not the...
Yes, now your code makes sense! But if you arrived at this solution (more complex than using String for the clear password), presumably it's because you care a lot about security. Thus after the use you...
Reread my answer #9, please.
1) You start with a char[] (the password in clear).
2) Create a Charset for UTF-8.
3) Encode the character sequence in a ByteBuffer.
4) MessageDigest has an update...
In my answer #9 I have (I hope) clearly explained how to obtain a ByteBuffer (perfectly suitable for MessageDigest) from a char[].
What's the difficulty?
Every String object contains a char[] that is not shared nor directly accessible (since strings are "immutable"). So a password in a String cannot be cleared.
Any array and also a ByteBuffer can be...
char[] charArray = ........
Charset utf8 = Charset.forName("UTF-8");
ByteBuffer byteBuffer = utf8.encode(CharBuffer.wrap(charArray));
And note that MessageDigest has a void update(ByteBuffer...
Yes, some things can be better:
1) You have used getBytes() to get the byte[] from the String. However, getBytes() uses the "default" charset of the platform, which can vary from one O.S. to the...
In databases/files (or anywhere a password is permanently stored), it's a good thing not to store passwords in "clear". Instead it's better to store a "hash" of the password (MD5, SHA1, etc...)....
Precisely for this reason, JPasswordField has the method:
public char[] getPassword()
so that you can fill the array after use, so that the password does not remain "somewhere".
It's...