1

I was passing sensitive information (between my app and backend), like a password, in String format. Later on I realized that the password can be easily read from a heap memory dump, as it is stored in text format.

String password = "super_password";

So I decided to use a char array,

char[] passChar = password.toCharArray();

but I am worried that the password can still be read from a memory dump character by character. Then I thought of using a byte array instead.

byte[] passByte = password.getBytes();

My question: Is it safe to use a byte array for passing sensitive information like a password? Or can anyone recommend anything secure?

Etheryte
Script_Junkie
  • 1
    If it could still be read char by char, what's to stop the person doing that from reading it byte by byte and converting it back manually? – Pokechu22 Dec 04 '14 at 01:00
  • @Pokechu22 I believe he is referencing [this](http://stackoverflow.com/questions/8881291/why-is-char-preferred-over-string-for-passwords). – August Dec 04 '14 at 01:08

4 Answers

1

Maybe you can encrypt the password with MD5 or other encryption.

package test.md5;

import java.security.MessageDigest;

public class MD5Util {
    public final static String MD5(String s) {
        char hexDigits[]={'0','1','2','3','4','5','6','7','8','9','A','B','C','D','E','F'};       

        try {
            // encode explicitly so the digest does not depend on the platform default charset
            byte[] btInput = s.getBytes("UTF-8");
            // get MD5 MessageDigest obj
            MessageDigest mdInst = MessageDigest.getInstance("MD5");
            // feed the input bytes
            mdInst.update(btInput);
            // compute the digest bytes
            byte[] md = mdInst.digest();
            // change to hexadecimal
            int j = md.length;
            char str[] = new char[j * 2];
            int k = 0;
            for (int i = 0; i < j; i++) {
                byte byte0 = md[i];
                str[k++] = hexDigits[byte0 >>> 4 & 0xf];
                str[k++] = hexDigits[byte0 & 0xf];
            }
            return new String(str);
        } catch (Exception e) {
            e.printStackTrace();
            return null;
        }
    }

    public static void main(String[] args) {
        System.out.println(MD5Util.MD5("20121221"));
        System.out.println(MD5Util.MD5("encrypt"));
    }
}
TraXD
1

Password-oriented APIs in Java use char[]. For example, Console and JPasswordField return character arrays from password input, and PBEKey and KeyStore require a char[] for password-based encryption.

Conversion between byte[] and char[] would create more copies of the sensitive data in the heap, and it could be difficult to ensure that the character encoder erased all password data from its internal buffers.

Use a char[] to store passwords, and write '\0' to the array as soon as the password is no longer necessary.

erickson
0

chars are just multi-byte representations of characters, so a memory dump would give pretty much the same results. You should look into encrypting passwords for storage, as in this Stack Overflow answer: Encrypt Password in Configuration Files? (Java)

Community
K.Nicholas
0

I am assuming that this question primarily relates to transferring the password from one process on one host to another process on another host, but I will cover reading the password into a particular variable as well.

The assignment issue is not limited to just assigning the password to a String instance, which suffers from the issues that have been detailed in other SF answers such as this. I would add that you use a char or byte array not in the global context but locally in a method context, so that it goes out of scope quickly once the method is exited, making it available for GC. If the variable is in the young generation, then multiple GC cycles would be required to clear it once it has gone out of scope. Plus, char/byte[] are mutable, so they can be cleared out as well. However, there would still be an opportunity for the password to be recovered from a heap dump if one coincides with this time.

In short:

  1. Never persist the password in clear text in the backend. [Use hashing with salt. Detailed here.]
  2. Never transfer the password in clear text on a non-secure medium. [Use TLS between the hosts]
Community
Khanna111
  • @Lucky_Singh: If this info helped, then please help me in increasing my reputation by accepting and / or upvoting. – Khanna111 Dec 04 '14 at 07:56
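
As an added illustration of the char[] advice and the salted-hashing advice in the answers above (this is not code from any of the posters): the password stays in a char[], is hashed with salt through PBEKeySpec, and every copy under the program's control is zeroed when done. The class name, the choice of PBKDF2WithHmacSHA256, the iteration count and the key length are assumptions of this example.

```java
import java.nio.ByteBuffer;
import java.nio.CharBuffer;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class PasswordHandling {
    // Assumed parameters for this example; tune the iteration count for your hardware.
    static final int ITERATIONS = 210_000, KEY_BITS = 256;

    /** Salted PBKDF2 hash computed from a char[]; no String copy of the password is made. */
    static byte[] hash(char[] password, byte[] salt) throws GeneralSecurityException {
        PBEKeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, KEY_BITS);
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                                   .generateSecret(spec).getEncoded();
        } finally {
            spec.clearPassword(); // PBEKeySpec keeps its own clone of the password
        }
    }

    /** Encodes to UTF-8 when bytes are required, wiping the intermediate buffer. */
    static byte[] toUtf8(char[] password) {
        ByteBuffer buf = StandardCharsets.UTF_8.encode(CharBuffer.wrap(password));
        byte[] out = new byte[buf.remaining()];
        buf.get(out);
        if (buf.hasArray()) Arrays.fill(buf.array(), (byte) 0);
        return out; // the caller must zero this array as well
    }

    public static void main(String[] args) throws GeneralSecurityException {
        // Constructed sample input; a real program would read it with Console.readPassword().
        char[] password = {'s', 'u', 'p', 'e', 'r', '_', 'p', 'a', 's', 's', 'w', 'o', 'r', 'd'};
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);
        byte[] wire = toUtf8(password); // e.g. bytes to write to a TLS socket
        try {
            System.out.println("hash bytes: " + hash(password, salt).length);
            System.out.println("wire bytes: " + wire.length);
        } finally {
            Arrays.fill(wire, (byte) 0);
            Arrays.fill(password, '\0'); // wipe as soon as the password is no longer needed
        }
        System.out.println("wiped: " + (password[0] == '\0' && wire[0] == 0));
    }
}
```

Zeroing narrows the window in which a heap dump can capture the password; it does not remove copies the JVM may have made while relocating objects during garbage collection.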