Sensitive Data In Memory

Question

I\'m working on a Java password manager and I currently have all of the user\'s data, after being decrypted from a file, sitting around in memory at all times and stored pla

Answer 1

In theory, you cannot protect anything in memory completely. Some group out there managed to deep freeze the memory chips and read their contents 4 hours after the computer was turned off. Even without going to such lengths, a debugger and a breakpoint at just the right time will do the trick.

Practically though, just don't hold the plaintext in memory for longer than absolutely necessary. A determined enough attacker will get to it, but oh well.