Why is char[] preferred over String for passwords?


Question

In Swing, the password field has a getPassword() (returns char[]) method instead of the usual getText() (returns String) method. Similarly, I have come across a suggestion not to use String to handle passwords.

Why does String pose a threat to security when it comes to passwords? It feels inconvenient to use char[].

Recommended answer

Strings are immutable. That means once you've created the String, if another process can dump memory, there's no way (aside from reflection) you can get rid of the data before garbage collection kicks in.

With an array, you can explicitly wipe the data after you're done with it. You can overwrite the array with anything you like, and the password won't be present anywhere in the system, even before garbage collection.

So yes, this is a security concern - but even using char[] only reduces the window of opportunity for an attacker, and it's only for this specific type of attack.

As noted in the comments, it's possible that arrays being moved by the garbage collector will leave stray copies of the data in memory. I believe this is implementation-specific - the garbage collector may clear all memory as it goes, to avoid this sort of thing. Even if it does, there's still the time during which the char[] contains the actual characters as an attack window.
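The following is an added example, not code from the question or the answer above, showing the pattern the answer describes in practice: the password is kept in a char[] from the moment it is read until it has been consumed, and every copy the program controls is overwritten in a finally block so the wipe also happens on the error path. It uses javax.crypto.spec.PBEKeySpec, whose constructor takes char[] for exactly this reason and offers clearPassword() for the internal copy it makes. The class name PasswordHandling, the helper names and the iteration count are choices made for this example; the password literal is a constructed sample only, because a real program would obtain the array from Console.readPassword() or JPasswordField.getPassword() and never have it as a String at all.

```java
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class PasswordHandling {

    // Derive a PBKDF2 hash from the password, then wipe every char[] copy
    // we control. The finally block runs whether derivation succeeds or
    // throws, so the password is not left behind on the error path.
    static byte[] deriveKey(char[] password, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, 310_000, 256);
        try {
            SecretKeyFactory factory =
                    SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");
            return factory.generateSecret(spec).getEncoded();
        } finally {
            spec.clearPassword();        // wipes the copy PBEKeySpec made
            Arrays.fill(password, '\0'); // wipes the caller's array in place
        }
    }

    // True when every element has been overwritten. Deliberately avoids
    // new String(password), which would create an immutable copy on the heap.
    static boolean isWiped(char[] password) {
        for (char c : password) {
            if (c != '\0') {
                return false;
            }
        }
        return true;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input for a self-contained demo. In real code the
        // char[] comes from Console.readPassword() or JPasswordField.getPassword();
        // going through a String literal, as here, defeats the purpose.
        char[] password = "correct horse battery staple".toCharArray();
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt); // fresh random salt per password

        byte[] hash = deriveKey(password, salt);
        System.out.println("derived key length: " + hash.length + " bytes");
        System.out.println("password array wiped: " + isWiped(password));
    }
}
```

The caveat in the answer still applies: Arrays.fill only clears the array this code holds a reference to. Copies made inside the JCA provider, or stray copies left by a moving garbage collector, are outside the program's control, so the wipe shortens the exposure window rather than eliminating it.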

