+ 67
Generally Char array is preferred over String for storing password . Why?
32 Respuestas
+ 106
Since Strings are immutable in Java if you store password as plain text it will be available in memory until Garbage collector clears it and since String are used in String pool for reusability there is pretty high chance that it will remain in memory for long duration, which pose a security threat. Since any one who has access to memory dump can find the password in clear text and that's another reason you should always used an encrypted password than plain text. Since Strings are immutable there is no way contents of Strings can be changed because any change in string will produce a new string
while if you char[] you can still set all his element as blank or zero. So Storing password in character array clearly mitigates security risk of stealing password.
so once you create an object and now decide to change the password, thete is no way you can empty out the string. thats why char array is more suitable for password
+ 26
Using char[] instead of String for passwords is
(IMHO) a bad idea for a few reasons:
1. That's going to massively complicate things.
Strings maintain information about character
encodings - char[] (obviously) does not. So if you
use char[], you have to be very careful to always use
the same encoding. This is critical if you support
non-US English users (and you should always do
that!).
2. If a malicious user gets access to read core dump
files in /tmp, it's game over anyways. At that point, it
means that not only has a malicious user gained
access to your server, but he's also gained either
root or application user access - so he's fully
compromised the system.
3. char[] are not pinned to RAM. The OS swaps char
[] data just as easily as String data, writing it to disk
in the swap file.
4. Strings may be immutable, making it more likely
that they hang around for a while in memory due to
string internment, but char[]'s aren't guaranteed to
be removed from memory either due to the
uncertainties of garbage collections. You can never
be sure any memory is cleared in Java, nor can you
tell Java to clear any memory.
Using char[] instead of String makes your code
buggier, harder to maintain, harder to write, and only
more secure in a totally impractical sense.
+ 18
It is in C++ And Other
+ 13
Thank you Mohit the coder (M.S.D)
+ 12
c++ and many
+ 12
in c++ std::string is using a char array internally.
so in c++ std::basic_string<char> or std::basic_string<unsigned char> are superior to plain char arrays for simply everything (including processing passwords).
+ 10
Thank you J.G....For appreciating.
Thank you all guys for explanation. :-) 👏🏻👏🏻👏🏻👏🏻👏🏻👏🏻
+ 9
Strings are immutable. That means once you've created the String, if another process can dump memory, there's no way (aside from reflection) you can get rid of the data before garbage collection kicks in.
With an array, you can explicitly wipe the data after you're done with it. You can overwrite the array with anything you like, and the password won't be present anywhere in the system, even before garbage collection.
One more reason I think is, with plain String you have much higher chances of accidentally printing the password to logs, monitors or some other insecure place. char[] is less vulnerable.
+ 9
How about because passwords are stored in encrypted (hashed) form. Run:
sudo cat /etc/shadow
on a Linux server as an example.
A password entered is run through an algorithm and the resulting hash compared to the stored one.
A char array is easier and quicker to run the encryption (hashing) algorithm upon because array access is constant time. A char[] is also compatible with almost anything so it wouldn't matter if the hashing algorithm was written in, say, C. (A char[] is just a chunk of raw bytes, it contains no size or other data).
The cleanup is neater because we have the memory address which can be used to immediately wipe the array (zero the memory chunk).
I've never looked into std::string or other container internals, but suppose you needed to expand the string size from 12 to 16 bytes due to insufficient contiguous memory? A container automatically handles reallocation, leaving the programmer unable to zero out the previous 12 bytes because s/he has no idea how the container works. For speed, I'd guess a string or any container free()s the memory and malloc()s some more as needed every N bytes. This would leave a password "lying around" in memory.
The next part comes in cleaning up in general. To zero that memory, having the char array's address and size is easier (as mentioned).
+ 8
Just in case anyone interested, we have SecureString as opposed to String in C# which serves the same purpose. 😉
+ 8
As nonzyro said, the passwords are kept in hashed form. But I'll add some more points. No one is keeping the passwords in the app. You should just read the password from user in a function scope, hash it, add some salt (more than one round) and store it the database. And in case of database, like MongoDB, one usually store them in a string in hashed form.
+ 7
ⓢⓦⓐⓣⓘ Which language?
+ 7
Yes, your logics are good !:-)nonzyro
+ 6
Thanks マυѕту
Nice explanation!
+ 6
I think second reason is also good!@rusty
+ 6
Happy to help ⓢⓦⓐⓣⓘ .
+ 4
strings are easily produce new strings by a simple changes so char is preferred to store password secure from the hacking. Tq for good question and intellectual responses ...
+ 3
Very good question! 👍
+ 3
Thank youBill Zelenko
+ 3
:-):-):-)ᏒᏬᏕᏖᎩ