Why we read password from console in char array instead of String [duplicate]

Question

Possible Duplicate:
Why is char[] preferred over string for passwords?

When I was preparing for OCPJP I came accross the topic - "Reading User input from console".

There was an example where it read username in String reference, whereas password in a char[] array, but I couldn't understand why it used char array.. Here is the code : -

Console console = System.console();

String username = console.readLine("User Name? ");
char[] password = console.readPassword("Password? "); 

This raised a doubt in my mind.. Why didn't we used String reference to store password. Since Strings are immutable, so it must be more secure to read password in a String, as its content could not be changed for that matter.

So, what's the whole point in reading password in char[] array..

Can anyone shed some light in this matter?

Answer 1

As you said, strings are immutable, meaning that once you've created the string, if another process can dump memory, there's no way (ok, may with reflection) you can get rid of the data before GC kicks in.

With an array, you can explicitly wipe the data after you're done with it: you can overwrite the array with anything you like, and the password won't be present anywhere in the system, even before garbage collection.

Answer 2

From the Javadoc of java.io.Console:

Security note: If an application needs to read a password or other secure data, it should use readPassword() or readPassword(String, Object...) and manually zero the returned character array after processing to minimize the lifetime of sensitive data in memory.

This is just to prevent other applications (like keyloggers etc., from accessing the password.

And moreover if you use String, since they are immutable, modifying them would create copies in the memory. Using char[] would save you in this case. As they are mutable, they won't create an copies and you can make them null after processing.