How can I securely wipe confidential data in memory in Java with a guarantee it will not be 'optimized'?

佛祖请我去吃肉 2020-12-06 12:29
String secret="foo";
WhatILookFor.securelyWipe(secret);

And I need to know that it will not be removed by the Java optimizer.

4 answers
  •  野趣味 (original poster)
    2020-12-06 13:24

    You would need direct access to the memory.

    You really wouldn't be able to do this with String, since you don't have reliable access to the string, and don't know if it's been interned somewhere, or if an object was created that you don't know about.

    If you really needed to do this, you'd have to do something like

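    public class SecureString implements CharSequence {
        private final char[] data;
        public SecureString(char[] data) { this.data = data; } // keeps the caller's array, no copy
        public int length() { return data.length; }
        public char charAt(int i) { return data[i]; }
        public CharSequence subSequence(int from, int to) {
            return new SecureString(java.util.Arrays.copyOfRange(data, from, to));
        }
        public void wipe() {
           for(int i = 0; i < data.length; i++) data[i] = '.'; // random char
        }
    }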
    

    That being said, if you're worried about data still being in memory, you have to realize that if it was ever in memory at one point, then an attacker probably already got it. The only thing you realistically protect yourself from is if a core dump is flushed to a log file.

    Regarding the optimizer, I incredibly doubt it will optimize away the operation. If you really needed it to, you could do something like this:

    // source of the filler value used by wipe()
    private final java.util.Random rand = new java.util.Random();

    public int wipe() {
        // wipe the array to a random value
        java.util.Arrays.fill(data, (char) rand.nextInt(60000));
        // compute hash to force optimizer to do the wipe
        int hash = 0;
        for(int i = 0; i < data.length; i++) {
            hash = hash * 31 + (int)data[i];
        }
        return hash;
    }
    

    This will force the compiler to do the wipe. It makes it roughly twice as long to run, but it's a pretty fast operation as it is, and doesn't increase the order of complexity.
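
An added example, not part of the question or the answer above: one way to apply the char[] approach end to end, keeping the secret out of String and wiping both the array and the UTF-8 copy created for hashing. The class name WipeDemo and its method names are hypothetical, and the code does not reach copies the garbage collector may have left behind when moving objects.

```java
import java.nio.ByteBuffer;
import java.nio.CharBuffer;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Arrays;

public class WipeDemo {  // hypothetical class, for illustration only

    /** Hashes a secret held in a char[] without ever building a String from it. */
    static byte[] sha256(char[] secret) throws Exception {
        // CharBuffer.wrap() does not copy, but encode() allocates a new
        // byte buffer holding the secret; that copy has to be wiped as well.
        ByteBuffer encoded = StandardCharsets.UTF_8.encode(CharBuffer.wrap(secret));
        try {
            MessageDigest md = MessageDigest.getInstance("SHA-256");
            md.update(encoded.duplicate());
            return md.digest();
        } finally {
            if (encoded.hasArray()) {
                Arrays.fill(encoded.array(), (byte) 0);
            }
        }
    }

    /** Overwrites the array, then returns a value computed from it (the idea from the answer). */
    static int wipe(char[] data) {
        Arrays.fill(data, '\0');
        int hash = 0;
        for (char c : data) {
            hash = hash * 31 + c;
        }
        return hash;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample; a real program would take the char[] from
        // java.io.Console.readPassword() instead of a literal.
        char[] secret = {'f', 'o', 'o'};
        try {
            byte[] digest = sha256(secret);
            System.out.println("digest length: " + digest.length);
        } finally {
            // Runs even if hashing throws, so the array never outlives its use.
            System.out.println("hash of wiped array: " + wipe(secret));
        }
        System.out.println("first char code after wipe: " + (int) secret[0]);
    }
}
```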
