So I have a program that has the user enter a passphrase. I only hold the passphrase for a few seconds in a char[]
before overwriting it, but I was wondering if there was a way in Java to prevent the OS from swapping this bit to disk/virtual memory/any more permanent storage than RAM? Research on the topic seems to say no, there is not a way, but nowhere has given me a straight answer yet. I'm also not sure if I can achieve this by using mlock() somehow or by keeping a reference to the value active until I no longer need it.
Thanks!
What you need to do is: use a char[] for storing the passwords. And when you are done with the password, just overwrite the array with 0's, so that if an attacker tries to scan all the memory to find the password, and Java GC has not gotten rid of the variable till then, the attacker will not be able to retrieve the password because you have overwritten the array itself. Cheers.
Edit: When the kernel starts using the HDD to offload stress on the RAM, the space on the HDD acts like RAM, meaning that it does not permanently store the data given to it.
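The char[]-and-overwrite pattern from the answer above, as an added example (not code from the question or the answer): the passphrase is read with Console.readPassword(), which returns a char[] rather than an immutable String, fed to PBEKeySpec (which takes a char[] and offers clearPassword()), and wiped with Arrays.fill in a finally block so the overwrite happens even when key derivation throws. The PBKDF2 iteration count, the salt size and the "correct horse battery staple" fallback are assumptions chosen for the demo. Note that Java has no standard API for mlock(), and the garbage collector may relocate the array during compaction, so zeroing it clears the copy you can reach but cannot promise that no stale copy exists elsewhere in RAM or in a swap file.

```java
import java.io.Console;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class PassphraseDemo {

    // Derives a 256-bit key from the passphrase with PBKDF2-HMAC-SHA256.
    // PBEKeySpec keeps its own copy of the char[]; clearPassword() wipes
    // that copy whether or not generateSecret() succeeded.
    static byte[] deriveKey(char[] passphrase, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(passphrase, salt, 210_000, 256); // iteration count is an assumption
        try {
            SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");
            return factory.generateSecret(spec).getEncoded();
        } finally {
            spec.clearPassword();
        }
    }

    public static void main(String[] args) throws Exception {
        Console console = System.console();
        char[] passphrase;
        if (console != null) {
            // Reads without echo and hands back a char[] we can overwrite later.
            passphrase = console.readPassword("Passphrase: ");
        } else {
            // Constructed fallback so the demo runs without a TTY (e.g. in an IDE).
            // A String literal cannot be wiped, so this branch is demo-only.
            passphrase = "correct horse battery staple".toCharArray();
        }

        byte[] salt = new byte[16]; // 16-byte salt is an assumption for the demo
        new SecureRandom().nextBytes(salt);

        byte[] key = null;
        try {
            key = deriveKey(passphrase, salt);
            System.out.println("Derived " + key.length + " key bytes");
            // ... use the key here ...
        } finally {
            // Overwrite the array itself, as the answer describes, so a later
            // memory scan finds zeros even if the GC has not yet collected it.
            Arrays.fill(passphrase, '\0');
            if (key != null) {
                Arrays.fill(key, (byte) 0);
            }
        }
    }
}
```

Run it with `java PassphraseDemo.java` (Java 11 or newer) from a real terminal so System.console() is non-null; the finally blocks are what make the overwrite reliable, since an exception from SecretKeyFactory would otherwise leave the passphrase in place.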