Geek Answers Handbook

What is the safest way to embed a password in Java code?

I should preface this, stating that I know that hard-coding passwords in a client application is bad practice for many reasons. There are other questions regarding this issue. The scope of this question is narrower and suggests that credential authentication should consist of client application code for a number of reasons that are out of your control.

If some methods are better than others (for example, JPasswordField stores the password in a char array instead of String), and if you had to hardcode it in a Java application, what measures could you take to make it harder to get?

Update:

One instance of the application runs on a remote PC, where the end user has administrator rights. Credentials are used to access the database on the same network, so the actual password has already been set and must be entered manually in the actual code.

+6
source share
6 answers

.... if you had to hardcode it in a Java application, what measures could you take to make it harder to extract?

To begin with, I would like to be sure that the person responsible for making this bad decision is fully aware that this is fundamentally and inevitably unsafe 1 .

Then I would probably come up with some kind of algorithm that collects the password in an obscure way; for example, by creating double-byte arrays and their XOR encoding ... and distributing entangled byte codes. The best you can hope for is making it difficult for kids with limited skills to reverse engineer the password from your code.

(Encrypting a password using a reliable algorithm will not help much, because the choice of algorithm and decryption key should be built into your code. Indeed, any scheme you can dream of can be defeated with a debugger to set a breakpoint at the point where Password must be clear.)

1 ... and that even John Skeet cannot provide security.

If some methods are better than others (for example, JPasswordField stores the password in an array of characters instead of String) ...

I just want to note that the usual reason for using a char array is to store passwords in JPasswordField, etc. It consists in protecting against bad guys reading passwords from core dumps or swap files. This will not help much in this case, because we must assume that the bad guy you should care about is someone else with access to the system administrator. He or she will have sufficient control to attach the debugger to the JVM and capture bytes from the char array.

+6
source

As a general guide, you should never store a password (of course).

If you need a password that is accessible at runtime, the best practice (for example, in Jez Humble's long-running delivery book) is to provide a password at deployment / startup. Thus, a password can only be in people's heads, and not somewhere in an insecure file.

I do not know if this is possible in your case, but you should strive for this.

+1
source

I think the least imperfect solution is if you can have a request-based authentication protocol with a random element in it.

Thus, it is not only a password, but also a code that uses a password to generate the correct answers that need to be reconstructed.

Then it can also be two-way authentication, i.e. your end can verify that the other side is also using the same protocol / algorithm and also has the same password.

And most importantly, then the password is never sent over the network, so you can’t sniff it.

Diffie-Helman key exchange is one of the widely used protocols for such a thing, but you can always use your own simple implementation if you want ambiguity, not real security. Well, real security is obviously out of your reach if everything can be decompiled and reconstructed from bytecode, but anyway ... :)

+1
source

It is very dangerous to store sensitive data on the client side, especially for a password, because .class files can be easily decompiled. Have you ever thought about using some kind of asymmetric encryption material? Like a public / private key pair or something like that?

+1
source

I like Stephen, but I would add ...

Security of the source code is also important. No matter which method you use to obfuscate the password, anyone who has access to the source can easily put System.out.println(password) and lock the password in which it was used, or run the code in debugging and stop the code for verification variables.

Even without compilation, anyone who has access to the jar can run the java program in debug mode and stop the program that uses the password and check the variable, trivial with the source code, but still executable only with the bank and some tools.

You might want the program to receive the password from the secure server when it needs it (via a web service call or something else), and that this server use a firewall to allow access to only certain IP addresses (if IP address client machines are known). It is still not safe, but at least it is something.

0
source

you can hash the password and even encrypt it if you want. take a look at this post, it may come in handy. Java - encrypt / decrypt username and password from configuration file

-1
source

More articles:


All Articles