Feature #3121: migrate secrets handling to unmanaged C code for more reliable zeroizing - CacheWord - Guardian Project Dev (ARCHIVED SITE)

Copy

Feature #3121

« Previous | 9 of 13 | Next »

migrate secrets handling to unmanaged C code for more reliable zeroizing

Added by abeluck almost 4 years ago.

Status:

New

Start date:

03/25/2014

Priority:

Normal

Due date:

Assignee:

% Done:

Category:

Target version:

0.2

Component:

Description

With our Wiper class, we currently make a good attempt, using reflection, to wipe sensitive data inside the JVM. But due to memory relocation during garbage collection in the JVM, we can't be sure copies of data haven't been made inadvertently.

To solve this we can create C helpers that manage sensitive data in real memory. NIO Direct Byte Buffers might be useful here.

http://docs.oracle.com/javase/7/docs/technotes/guides/jni/jni-14.html#GetDirectBufferAddress
http://docs.oracle.com/javase/1.5.0/docs/api/java/nio/ByteBuffer.html#allocateDirect%28int%29

Copy

Also available in: Atom PDF

Developer Libraries » CacheWord

Issues

Custom queries

Feature #3121

migrate secrets handling to unmanaged C code for more reliable zeroizing