Generating Secure Random Number Storing Deleting Passwords
3.3. Generating Secure Random Number
As mentioned above, generating random numbers seems to have become an unimportant aspect of security. However, if we can increase the security level of our code by altering one piece of it without changing the behavior of the entire program, we should use the more secure method or class. For Java programmers, changing the random generator to a more secure one does not take much effort. Java provides the java.util.Random class for generating random numbers. Instead of using this class, it is better to use its subclass java.security.SecureRandom. This class provides a cryptographically strong pseudo-random number generator (PRNG). The SecureRandom class must produce non-deterministic output; therefore the seed material must be unpredictable, and the output of the SecureRandom class must be a cryptographically strong sequence as described in RFC 1750: Randomness Recommendations for Security [9]. The mechanism of this refactoring can be observed in Figure 6.

One may ask what the weaknesses of the SecureRandom class are compared with the Random class. The answer is that SecureRandom has fewer features than Random. This is a common dilemma in secure programming, since the features of software and its security level usually oppose each other [3].

Figure 6. Secure Random Number refactoring

3.4. Storing Deleting Passwords
In the Java programming language, String variables are immutable, which means we are not able to delete them from memory. This characteristic of the Java String data type leads us to avoid using it for passwords, because String passwords stay in memory and are vulnerable to snooping [10]. Even worse, if real memory runs low, the operating system might page the password String out to the disk’s swap space, where it is vulnerable to disk block snooping. The solution, although not a perfect one, is to substitute char array passwords for String passwords. Figure 7 shows the code before and after applying the Storing Deleting Passwords refactoring. The last line is needed in order to overwrite the value of the PassKey variable in memory with a fake value.

Figure 7. Storing Deleting Password Refactoring
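The two refactorings of Sections 3.3 and 3.4, applied together in one salted password-hashing routine. This is an added example, not the paper's Figure 6 or Figure 7 code. The class name PassKeyDemo, the choice of PBKDF2, the iteration count and the sample passwords are assumptions made for illustration.

```java
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

// Added example (hypothetical class): both refactorings in one routine.
public class PassKeyDemo {
    // Section 3.3, before: new java.util.Random().nextBytes(salt), a 48-bit
    // linear congruential generator whose output can be predicted.
    // After: SecureRandom, seeded from the platform's entropy source.
    private static final SecureRandom RNG = new SecureRandom();
    private static final int ITERATIONS = 100_000; // assumed work factor

    static byte[] newSalt() {
        byte[] salt = new byte[16];
        RNG.nextBytes(salt);
        return salt;
    }

    // Section 3.4, before: hash(String passKey, ...), which cannot be erased.
    // After: the password is a char[] that its owner can overwrite.
    static byte[] hash(char[] passKey, byte[] salt) throws GeneralSecurityException {
        PBEKeySpec spec = new PBEKeySpec(passKey, salt, ITERATIONS, 256);
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                    .generateSecret(spec).getEncoded();
        } finally {
            spec.clearPassword(); // the spec keeps its own copy of the characters
        }
    }

    static boolean verify(char[] passKey, byte[] salt, byte[] stored)
            throws GeneralSecurityException {
        try {
            return MessageDigest.isEqual(hash(passKey, salt), stored);
        } finally {
            Arrays.fill(passKey, '\0'); // overwrite the password once it is used
        }
    }

    public static void main(String[] args) throws GeneralSecurityException {
        char[] enrolled = {'s', '3', 'c', 'r', 'e', 't'}; // constructed sample
        byte[] salt = newSalt();
        byte[] stored = hash(enrolled, salt);
        Arrays.fill(enrolled, '\0');

        char[] attempt = {'s', '3', 'c', 'r', 'e', 't'};  // constructed sample
        System.out.println("match = " + verify(attempt, salt, stored));
        System.out.println("wiped = " + (attempt[0] == '\0'));
    }
}
```

Overwriting the array clears only the copy the program holds; a garbage collector that has moved the array may leave an earlier copy behind, which is one reason the paper calls the solution not perfect.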