Sensitive Data In Memory

Question

I\'m working on a Java password manager and I currently have all of the user\'s data, after being decrypted from a file, sitting around in memory at all times and stored pla

Answer 1

If your adversary has the ability to run arbitrary code on your target machine (with the debug privileges required to dump a process image), you are all sorts of screwed.

If your adversary has the ability to read memory at a distance accurately (ie. TEMPEST), you are all sorts of screwed.

Protect the data in transit and in storage (on the wire and on the disk), but don't worry* about data in memory.

_{*Ok, there are classes of programs that DO need to worry. 99.99% of all applications don't, I'm betting yours doesn't.}