Wednesday, October 2, 2019

java - Clearing a char array of sensitive data from memory

Is there a difference in benefit for "zeroing out" a char array so it doesn't stay in memory using Arrays.fill(password, 0) instead of using password = null? I'm not asking why use a char array instead of a String. I'm asking why set the values to 0 instead of setting the array to null. Is it because setting the values to 0 immediately changes the value in memory, while null doesn't immediately change the value to null in memory, but instead just waits for it to be garbage collected? Would it make sense to set the values to 0 then immediately set it to null as well so that it gets garbage collected, instead of sitting around as an array of 0's?
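An added example, not part of the original post, illustrating the distinction the question asks about: assigning null clears only one variable, while Arrays.fill overwrites the array object that every reference shares. The class name, the otherReference field and the sample password are constructed for illustration.

```java
import java.util.Arrays;

public class WipeVsNull {
    // Hypothetical stand-in for any other code that still references the
    // array (a field, a collection, a caller's variable).
    static char[] otherReference;

    static boolean isZeroed(char[] a) {
        for (char c : a) {
            if (c != '\0') return false;
        }
        return true;
    }

    // Case 1: only the local variable is cleared. The array object on the
    // heap is untouched and stays readable through any other reference
    // (or in a heap dump) until the collector reclaims and reuses it.
    static boolean contentsSurviveNulling() {
        char[] password = {'h', 'u', 'n', 't', 'e', 'r', '2'}; // constructed sample
        otherReference = password;
        password = null;
        return !isZeroed(otherReference);
    }

    // Case 2: the array is overwritten in place, so every reference to it
    // sees zeros immediately, without waiting for garbage collection.
    static boolean contentsGoneAfterFill() {
        char[] password = {'h', 'u', 'n', 't', 'e', 'r', '2'}; // constructed sample
        otherReference = password;
        try {
            // ... use the password here ...
        } finally {
            // The fill value for a char[] must be a char, hence '\0'.
            Arrays.fill(password, '\0');
        }
        return isZeroed(otherReference);
    }

    public static void main(String[] args) {
        System.out.println("contents survive password = null: " + contentsSurviveNulling());
        System.out.println("contents gone after Arrays.fill:  " + contentsGoneAfterFill());
    }
}
```

Zeroing overwrites only the current copy of the array; a compacting collector may have moved the object earlier and left a stale copy elsewhere in the heap.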
