Search:

Type: Posts; User: andbin

Search: Search took 0.19 seconds.

  1. Replies
    26
    Views
    4,273

    [SOLVED] Re: Using passwords the right way?

    pleased to have helped!
  2. Replies
    26
    Views
    4,273

    [SOLVED] Re: Using passwords the right way?

    clear() plus an invocation of put(byte[]) passing a new byte[theCapacityOfByteBuffer] (that by itself has all zeros)
    ;)
  3. Replies
    26
    Views
    4,273

    [SOLVED] Re: Using passwords the right way?

    From javadoc documentation of clear() in Buffer:

    "Clears this buffer. The position is set to zero, the limit is set to the capacity, and the mark is discarded.
    [....]
    This method does not...
  4. Replies
    26
    Views
    4,273

    [SOLVED] Re: Using passwords the right way?

    To be honest, I left this option as the last ... because the use of Arrays.equals method is far a better way to do this!


    You have to explicitly fill the arrays and ByteBuffer to "clear" all...
  5. Replies
    26
    Views
    4,273

    [SOLVED] Re: Using passwords the right way?

    Because, again for arrays, they don't redefine the equals() method, so remains the equals() inherited from Object, that it is only based on object "identity", it compares only the references (not the...
  6. Replies
    26
    Views
    4,273

    [SOLVED] Re: Using passwords the right way?

    Yes, now your code has sense! But if you arrived at this solution (more complex than using String for the clear password), it's supposed because you care much about security. Thus after the use you...
  7. Replies
    26
    Views
    4,273

    [SOLVED] Re: Using passwords the right way?

    Reread my answer #9, please.
    1) You start with a char[] (the password in clear).
    2) Create a Charset for UTF-8.
    3) Encode the characters sequence in a ByteBuffer.
    4) MessageDigest has an update...
  8. Replies
    26
    Views
    4,273

    [SOLVED] Re: Using passwords the right way?

    In my answer #9 I have (I hope) clearly explained how to obtain a ByteBuffer (perfectly suitable for MessageDigest) from a char[].
    What's the difficulty?
  9. Replies
    26
    Views
    4,273

    [SOLVED] Re: Using passwords the right way?

    Every String object contains a char[] that is not shared nor directly accessible (since strings are "immutable"). So a password in a String cannot be cleared.
    Any array and also a ByteBuffer can be...
  10. Replies
    26
    Views
    4,273

    [SOLVED] Re: Using passwords the right way?

    char[] charArray = ........

    Charset utf8 = Charset.forName("UTF-8");
    ByteBuffer byteBuffer = utf8.encode(CharBuffer.wrap(charArray));

    And note that MessageDigest has a void update(ByteBuffer...
  11. Replies
    26
    Views
    4,273

    [SOLVED] Re: Using passwords the right way?

    Yes, somethings can be better:

    1) You have used getBytes() to get the byte[] from the String. However, getBytes() uses the "default" charset of the platform, that can vary from one O.S. to the...
  12. Replies
    26
    Views
    4,273

    [SOLVED] Re: Using passwords the right way?

    In databases/files (or anywhere a password is permanently stored), it's a good thing not to store passwords in "clear". Instead it's better to store a "hash" of the password (MD5, SHA1, etc...)....
  13. Replies
    26
    Views
    4,273

    [SOLVED] Re: Using passwords the right way?

    Precisely for this reason, JPasswordField has the method:

    public char[] getPassword()

    so that you can fill the array, after the use, so that password does not remain "somewhere".


    It's...
Results 1 to 13 of 13