0

We store the password as char array in java and find the good reason for this. I came across an interview question stating "What if password is encrypted and we save that in String, is that okay? or why not?"

What I could think is process of encryption and decryption involve Plain text String object somewhere and we are back to same issue plain text password in String. Not very convinced with my own answer, What may be reason/justification for this.

Ajeetkumar
  • 1,271
  • 7
  • 16
  • 34
  • "Encrypted" how? Do they mean securely hashed or something else? – chrylis -cautiouslyoptimistic- Dec 01 '17 at 18:42
  • You should not *encrypt* passwords ever. – luk2302 Dec 01 '17 at 18:42
  • 1
    @luk2302 - "Ever" is too strong. How would you deal with a situation where your application needs to programmatically authenticate against a password-secured service, for example? – Oliver Charlesworth Dec 01 '17 at 18:44
  • @OliverCharlesworth then you can just store them in plaintext anyway imho. Have not come across a situation like that though. – luk2302 Dec 01 '17 at 18:48
  • @luk2302 - I suppose generally it might not be a password, but it might be credentials of another form (AWS secret access key, API token, etc.) Either way, if those creds are at-rest anywhere (in a database, in a config file, etc.) you'd almost certainly need to encrypt them, to minimise the blast radius of e.g. a database breach. Of course, it's "turtles all the way down" - you now need to store the master encryption key somewhere :) – Oliver Charlesworth Dec 01 '17 at 18:52
  • @luk2302, can you help me understand why we shouldn't encrypt passwords? – Ajeetkumar Dec 02 '17 at 09:59
  • @chrylis, yes, let's say i used hashing. – Ajeetkumar Dec 02 '17 at 10:00

2 Answers2

1

This sounds like a security question. They are probably looking at the ability to overwrite the memory of a character array once it is used.

A string, being immutable, will stick around in memory until garbage collected and then the memory being reused. A memory dump could, in theory, find the encrypted password, which could be decrypted and exposed.

Using a character array, once finished with it, you can overwrite the memory so that it no longer can be exposed. Of course, it is still in memory for a short time.

Garr Godfrey
  • 8,257
  • 2
  • 25
  • 23
0

Interesting question. The major reasons I could think of not selecting string over char[] is obviously based upon "security".

  1. Strings are immutable

    • Plain texts would be available in the memory until the garbage collector does the function of removing it. Leaving the text there until intervention from the collector is one major vulnerability I could think of.

  2. Technically, Log file safety. Example:

    String sPsswrd = "test";

    Char[] cPsswrd = new char[]{'t','e','s','t'};

    If this gets printed say somewhere in the log files,

    System.out.println("password as string: "+sPsswrd);

    System.out.println("password as Char array "+cPsswrd);

Output:

password as string: test
password as Char array: [@14

Password will remain safer if it is stored as a array. Hope this gave some idea about the possible problem.

coder kemp
  • 361
  • 2
  • 13