Open andy-goryachev opened 2 weeks ago
Great point @andy-goryachev. I see you are a fan of DirectByteBuffer, although I've seen some issues with those as well. If we ensure that every method which allocates a byte array zeros out all of the bytes prior to method termination, would you consider that sufficient protection for those values?
This has already been done for a few specific values that the standard marks as "secret", but we can easily update things to do this everywhere.
No: GC can make copies.
As you pointed out, I did try to use DirectBuffer (https://github.com/andy-goryachev/MemSafeCrypto) with some moderate performance hit obviously; perhaps Panama FFM and its MemorySegment will be faster. I think it's been released in JDK22 (https://openjdk.org/jeps/454).
For the time being, @andy-goryachev, I am adding code to explicitly zero out intermediate values after last use during processing. Will take another look at this when JDK 25 comes out to see if there are more options, because I'm only targeting LTS releases.
An attacker who gets access to a memory dump or an unencrypted swap file may obtain secret material.
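
The off-heap approach discussed in this thread, sketched with the JDK 22 `MemorySegment` API (JEP 454). This is an added example, not code from MemSafeCrypto or from the project in this issue; the class name `OffHeapSecret` and the sample bytes are hypothetical. It keeps the secret out of reach of GC relocation only; it does not lock pages, so the swap-file exposure remains.

```java
import java.lang.foreign.Arena;
import java.lang.foreign.MemorySegment;
import java.lang.foreign.ValueLayout;
import java.util.Arrays;

// Hypothetical helper for illustration. Requires JDK 22+ (java.lang.foreign).
public final class OffHeapSecret implements AutoCloseable {
    private final Arena arena = Arena.ofConfined(); // native memory, confined to this thread
    private final MemorySegment seg;

    // Moves the secret off-heap and wipes the caller's heap array.
    // Copies the GC already made of 'source' before this call cannot be reached.
    public OffHeapSecret(byte[] source) {
        seg = arena.allocate(source.length);
        MemorySegment.copy(source, 0, seg, ValueLayout.JAVA_BYTE, 0, source.length);
        Arrays.fill(source, (byte) 0);
    }

    public long length() { return seg.byteSize(); }

    // XORs the secret into 'data' in place, reading one byte at a time so
    // that no heap copy of the secret is created.
    public void xorInto(byte[] data) {
        if (data.length != seg.byteSize()) {
            throw new IllegalArgumentException("length mismatch");
        }
        for (int i = 0; i < data.length; i++) {
            data[i] ^= seg.get(ValueLayout.JAVA_BYTE, i);
        }
    }

    // Zeroes the native memory, then frees it. The GC never relocates this
    // region, so a single wipe covers the only copy this class created.
    @Override
    public void close() {
        seg.fill((byte) 0);
        arena.close(); // any later access throws IllegalStateException
    }

    public static void main(String[] args) {
        byte[] key = {0x13, 0x37, 0x42, 0x7f}; // constructed sample key
        byte[] msg = {0x01, 0x02, 0x03, 0x04}; // constructed sample data
        try (OffHeapSecret secret = new OffHeapSecret(key)) {
            secret.xorInto(msg);
            System.out.println("heap key wiped: " + Arrays.equals(key, new byte[4]));
            System.out.println("masked data: " + Arrays.toString(msg));
        }
    }
}
```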