+ 67

Generally Char array is preferred over String for storing password . Why?

14th Apr 2018, 4:26 AM

💞ⓢⓦⓐⓣⓘ💞

31 Answers

+ 106

Since Strings are immutable in Java if you store password as plain text it will be available in memory until Garbage collector clears it and since String are used in String pool for reusability there is pretty high chance that it will remain in memory for long duration, which pose a security threat. Since any one who has access to memory dump can find the password in clear text and that's another reason you should always used an encrypted password than plain text. Since Strings are immutable there is no way contents of Strings can be changed because any change in string will produce a new string while if you char[] you can still set all his element as blank or zero. So Storing password in character array clearly mitigates security risk of stealing password. so once you create an object and now decide to change the password, thete is no way you can empty out the string. thats why char array is more suitable for password

14th Apr 2018, 4:41 AM

MsJ

+ 24

Using char[] instead of String for passwords is (IMHO) a bad idea for a few reasons: 1. That's going to massively complicate things. Strings maintain information about character encodings - char[] (obviously) does not. So if you use char[], you have to be very careful to always use the same encoding. This is critical if you support non-US English users (and you should always do that!). 2. If a malicious user gets access to read core dump files in /tmp, it's game over anyways. At that point, it means that not only has a malicious user gained access to your server, but he's also gained either root or application user access - so he's fully compromised the system. 3. char[] are not pinned to RAM. The OS swaps char [] data just as easily as String data, writing it to disk in the swap file. 4. Strings may be immutable, making it more likely that they hang around for a while in memory due to string internment, but char[]'s aren't guaranteed to be removed from memory either due to the uncertainties of garbage collections. You can never be sure any memory is cleared in Java, nor can you tell Java to clear any memory. Using char[] instead of String makes your code buggier, harder to maintain, harder to write, and only more secure in a totally impractical sense.

22nd Apr 2018, 12:51 PM

CHERRY

+ 18

It is in C++ And Other

20th Apr 2018, 7:08 PM

Sadaam Linux

+ 13

Thank you Mohit the coder (M.S.D)

14th Apr 2018, 4:55 AM

💞ⓢⓦⓐⓣⓘ💞

+ 12

c++ and many

14th Apr 2018, 4:34 AM

💞ⓢⓦⓐⓣⓘ💞

+ 12

in c++ std::string is using a char array internally. so in c++ std::basic_string<char> or std::basic_string<unsigned char> are superior to plain char arrays for simply everything (including processing passwords).

14th Apr 2018, 11:49 AM

---

+ 10

Thank you J.G....For appreciating. Thank you all guys for explanation. :-) 👏🏻👏🏻👏🏻👏🏻👏🏻👏🏻

20th Apr 2018, 1:53 PM

💞ⓢⓦⓐⓣⓘ💞

+ 9

Strings are immutable. That means once you've created the String, if another process can dump memory, there's no way (aside from reflection) you can get rid of the data before garbage collection kicks in. With an array, you can explicitly wipe the data after you're done with it. You can overwrite the array with anything you like, and the password won't be present anywhere in the system, even before garbage collection. One more reason I think is, with plain String you have much higher chances of accidentally printing the password to logs, monitors or some other insecure place. char[] is less vulnerable.

15th Apr 2018, 9:06 AM

Rusty.Metal

+ 9

How about because passwords are stored in encrypted (hashed) form. Run: sudo cat /etc/shadow on a Linux server as an example. A password entered is run through an algorithm and the resulting hash compared to the stored one. A char array is easier and quicker to run the encryption (hashing) algorithm upon because array access is constant time. A char[] is also compatible with almost anything so it wouldn't matter if the hashing algorithm was written in, say, C. (A char[] is just a chunk of raw bytes, it contains no size or other data). The cleanup is neater because we have the memory address which can be used to immediately wipe the array (zero the memory chunk). I've never looked into std::string or other container internals, but suppose you needed to expand the string size from 12 to 16 bytes due to insufficient contiguous memory? A container automatically handles reallocation, leaving the programmer unable to zero out the previous 12 bytes because s/he has no idea how the container works. For speed, I'd guess a string or any container free()s the memory and malloc()s some more as needed every N bytes. This would leave a password "lying around" in memory. The next part comes in cleaning up in general. To zero that memory, having the char array's address and size is easier (as mentioned).

20th Apr 2018, 8:44 PM

non

+ 8

Just in case anyone interested, we have SecureString as opposed to String in C# which serves the same purpose. 😉

21st Apr 2018, 9:49 AM

Zephyr Koo

+ 8

As nonzyro said, the passwords are kept in hashed form. But I'll add some more points. No one is keeping the passwords in the app. You should just read the password from user in a function scope, hash it, add some salt (more than one round) and store it the database. And in case of database, like MongoDB, one usually store them in a string in hashed form.

21st Apr 2018, 11:22 AM

Aaron Sarkissian

+ 7

ⓢⓦⓐⓣⓘ Which language?

14th Apr 2018, 4:33 AM

Manual

+ 7

Yes, your logics are good !:-)nonzyro

21st Apr 2018, 1:50 PM

💞ⓢⓦⓐⓣⓘ💞

+ 6

Thanks マυѕту Nice explanation!

15th Apr 2018, 9:07 AM

💞ⓢⓦⓐⓣⓘ💞

+ 6

I think second reason is also good!@rusty

15th Apr 2018, 9:08 AM

💞ⓢⓦⓐⓣⓘ💞

+ 6

Happy to help ⓢⓦⓐⓣⓘ .

15th Apr 2018, 11:26 AM

Rusty.Metal

+ 4

strings are easily produce new strings by a simple changes so char is preferred to store password secure from the hacking. Tq for good question and intellectual responses ...

20th Apr 2018, 6:33 PM

DN HAMSAVENI