secure erasure of Java key/password buffers


Hi everybody,

I've just stumbled across some crypto interface code written in Java where buffers of (sensitive) data/keys are not explicitly erased (zeroed out) after use. Coming from a C programming background where explicit zeroing out of memory after use is highly recommended, I'm wondering whether this should also be done in Java. I understand that it's impossible to guarantee efficient erasure of all possible instances of a data object in Java.

I'm seeing two contradictory arguments here:
• Explicit zeroing out of a memory object after use may considerably reduce, ideally eliminate, the likelihood/number of remaining object instances with the original content.
• Explicit zeroing out (i.e. alteration) of a memory object may cause the memory manager to explicitly create a new (additional) copy of the original content. Hence, this action would not catch the initial instance of the data object, but only create additional overhead.

Does it make sense to distinguish between "simple" data types (e.g. an int array with constant size) and "complex" data types (e.g. a string object)? Do you know of any good research or reference about this? I haven't found anything well investigated on the Internet. Both arguments exist.

Thanks, Michael
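
An added example, not part of the original post, contrasting the two kinds of data type the question distinguishes: a `char[]` that is overwritten in place and an immutable `String` that cannot be. The class `WipeDemo`, the method `deriveAndWipe`, the iteration count and all sample values are assumptions made for illustration.

```java
import java.util.Arrays;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class WipeDemo {
    // Hypothetical helper: derives a key from a password held in a char[]
    // and wipes the copies of the password that this method can reach.
    static byte[] deriveAndWipe(char[] password, byte[] salt) throws Exception {
        // PBEKeySpec clones the password, so two copies exist from here on.
        PBEKeySpec spec = new PBEKeySpec(password, salt, 100_000, 256);
        try {
            SecretKeyFactory f = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");
            return f.generateSecret(spec).getEncoded();
        } finally {
            spec.clearPassword();         // wipes the spec's internal clone
            Arrays.fill(password, '\0');  // overwrites the caller's array in place
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample inputs; real code takes the salt from SecureRandom.
        char[] password = {'c', 'o', 'n', 's', 't', 'r', 'u', 'c', 't', 'e', 'd'};
        byte[] salt = new byte[16];
        char[] alias = password;          // second reference to the same array object

        byte[] key = deriveAndWipe(password, salt);

        // Writing to array elements mutates the existing object: the alias
        // sees the zeros, so no new copy was created by the write itself.
        System.out.println("array wiped in place: " + (alias[0] == '\0'));

        // A String is immutable: toCharArray() returns a fresh copy, and
        // wiping that copy leaves the String's own contents untouched.
        String s = "constructed";
        char[] copy = s.toCharArray();
        Arrays.fill(copy, '\0');
        System.out.println("String still readable: " + s.equals("constructed"));

        Arrays.fill(key, (byte) 0);       // wipe the derived key bytes after use
    }
}
```

A moving garbage collector may have relocated the array before the wipe, leaving an earlier copy in freed heap memory, so the in-place overwrite narrows exposure rather than guaranteeing erasure.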
