M
Markus Schuhmacher
Guest
I wrote a little test application which converts a string into a SHA-256 hash and displays this to a Textbox. Later on I want to deal with AES encryption and some things like that.
I was thinking about security concerns. When using a string object I can not change the content anymore, right? So when changing the text content (a string) of a text field a new string Object is created and the garbage collector will remove the old object some time?
Anyways I was thinking about using a char array for encrypting a password because I can clean up the char array manually with e.g. \0. If I would use a string for the encrypted password the object might be visible for some time inside the memory until this memory part has been overwritten.
So know I am a little confused and dont know what to do. Can anybody give me some advice how to deal with risky content in realtime?
Continue reading...
I was thinking about security concerns. When using a string object I can not change the content anymore, right? So when changing the text content (a string) of a text field a new string Object is created and the garbage collector will remove the old object some time?
Anyways I was thinking about using a char array for encrypting a password because I can clean up the char array manually with e.g. \0. If I would use a string for the encrypted password the object might be visible for some time inside the memory until this memory part has been overwritten.
So know I am a little confused and dont know what to do. Can anybody give me some advice how to deal with risky content in realtime?
Continue reading...