Answer by Neeraj for Why is char[] preferred over String for passwords?
It is debatable as to whether you should use String or use Char[] for this purpose because both have their advantages and disadvantages. It depends on what the user needs. Since Strings in Java are...
Answer by ACV for Why is char[] preferred over String for passwords?
String is immutable and it goes to the string pool. Once written, it cannot be overwritten. char[] is an array which you should overwrite once you used the password and this is how it should be done:...
Answer by Saathvik for Why is char[] preferred over String for passwords?
String in Java is immutable. So whenever a string is created, it will remain in the memory until it is garbage collected. So anyone who has access to the memory can read the value of the string. If the...
Answer by Pritam Banerjee for Why is char[] preferred over String for passwords?
The short and straightforward answer would be because char[] is mutable while String objects are not. Strings in Java are immutable objects. That is why they can't be modified once created, and...
Answer by Geek for Why is char[] preferred over String for passwords?
Strings are immutable and cannot be altered once they have been created. Creating a password as a string will leave stray references to the password on the heap or on the String pool. Now if someone...
Answer by Peter Lawrey for Why is char[] preferred over String for passwords?
As Jon Skeet states, there is no way except by using reflection. However, if reflection is an option for you, you can do this. public static void main(String[] args) { System.out.println("please enter...
Answer by Graph Theory for Why is char[] preferred over String for passwords?
Edit: Coming back to this answer after a year of security research, I realize it makes the rather unfortunate implication that you would ever actually compare plaintext passwords. Please don't. Use a...
Answer by Oleg Mikheev for Why is char[] preferred over String for passwords?
There is nothing that char array gives you vs String unless you clean it up manually after use, and I haven't seen anyone actually doing that. So to me the preference of char[] vs String is a little...
Answer by Human Being for Why is char[] preferred over String for passwords?
These are all the reasons one should choose a char[] array instead of String for a password. 1. Since Strings are immutable in Java, if you store the password as plain text it will be available in...
Answer by emboss for Why is char[] preferred over String for passwords?
The answer has already been given, but I'd like to share an issue that I discovered lately with Java standard libraries. While they take great care now of replacing password strings with char[]...
Answer by Bruno for Why is char[] preferred over String for passwords?
To quote an official document, the Java Cryptography Architecture guide says this about char[] vs. String passwords (about password-based encryption, but this is more generally about passwords of...
Answer by Konrad Garus for Why is char[] preferred over String for passwords?
While other suggestions here seem valid, there is one other good reason. With plain String you have much higher chances of accidentally printing the password to logs, monitors or some other insecure...
Answer by josefx for Why is char[] preferred over String for passwords?
Some people believe that you have to overwrite the memory used to store the password once you no longer need it. This reduces the time window an attacker has to read the password from your system and...
Answer by Sean Owen for Why is char[] preferred over String for passwords?
I don't think this is a valid suggestion, but, I can at least guess at the reason. I think the motivation is wanting to make sure that you can erase all trace of the password in memory promptly and...
Answer by alephx for Why is char[] preferred over String for passwords?
Character arrays (char[]) can be cleared after use by setting each character to zero and Strings not. If someone can somehow see the memory image, they can see a password in plain text if Strings are...
Answer by Jon Skeet for Why is char[] preferred over String for passwords?
Strings are immutable. That means once you've created the String, if another process can dump memory, there's no way (aside from reflection) you can get rid of the data before garbage collection kicks...
Why is char[] preferred over String for passwords?
In Swing, the password field has a getPassword() (returns char[]) method instead of the usual getText() (returns String) method. Similarly, I have come across a suggestion not to use String to handle...
Answer by Aditya Rewari for Why is char[] preferred over String for passwords?
Case String:
String password = "ill stay in StringPool after Death !!!";
// some long code goes
// ...Now I want to remove traces of password
password = null;
password = "";
// above attempts wil...
Answer by Dibsyhex for Why is char[] preferred over String for passwords?
Lot of great answers above. There is another point which I am assuming (please correct me if I am wrong). By default Java uses UTF-16 for storing strings. Using character arrays char[] array facilitates...
Answer by Parth for Why is char[] preferred over String for passwords?
We should not use string to store passwords. It seems logical and relatively easier to store a password in a String object than in a character array. Since Strings are immutable in Java if you store the...