Generating Secure Random Number Storing Deleting Passwords

Security Concern Refactoring – Putu Ashintya Widhiartha, Katsuhisa Maruyama – ISSN 1858-1633, ICTS 2005, p. 97

Figure 5. Array representation of the Flattening Arrays refactoring.

3.3. Generating Secure Random Number

As mentioned above, random number generation may seem a minor aspect of security. However, if we can raise the security level of our code by altering a small piece of it without changing the behavior of the entire program, we should use the more secure method or class. For Java programmers, switching to a more secure random generator takes little effort. Java provides the java.util.Random class for generating random numbers; rather than using this class directly, it is better to use its subclass java.security.SecureRandom. This class provides a cryptographically strong pseudo-random number generator (PRNG). SecureRandom must produce non-deterministic output; therefore any seed material passed to it must be unpredictable, and all of its output sequences must be cryptographically strong, as described in RFC 1750, Randomness Recommendations for Security [9]. Because SecureRandom extends Random, the replacement is a drop-in change, and the mechanism of this refactoring can be observed in Figure 6. One may ask what the drawbacks of SecureRandom are compared with Random. The answer is cost: SecureRandom is slower than Random and, on some platforms, may block while it gathers seed entropy. This is the common dilemma of secure programming, since the features and performance of software and its security level usually work against each other [3].

Figure 6. Secure Random Number refactoring
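The following is an added example and not code from the paper. It shows concretely why the refactoring matters: java.util.Random is a 48-bit linear congruential generator whose nextInt() leaks the top 32 bits of its state, so an attacker who observes two consecutive outputs can brute-force the remaining 16 bits and forecast every later "random" token. The "after" version is the same token routine built on java.security.SecureRandom, which has no recoverable state. The token format, the method names and the constants for Random's LCG (taken from the public OpenJDK source) are this example's own choices.

```java
import java.security.SecureRandom;
import java.util.Random;

public class SecureRandomRefactoring {

    // BEFORE: token built from java.util.Random (48-bit LCG, predictable).
    static String weakToken(Random rng) {
        return String.format("%08x%08x", rng.nextInt(), rng.nextInt());
    }

    // AFTER: same shape, but from SecureRandom. SecureRandom extends Random,
    // so existing call sites compile unchanged; never seed it with a constant.
    static String strongToken(SecureRandom rng) {
        byte[] buf = new byte[16];
        rng.nextBytes(buf);
        StringBuilder sb = new StringBuilder();
        for (byte b : buf) sb.append(String.format("%02x", b));
        return sb.toString();
    }

    // Recover Random's 48-bit state from two consecutive nextInt() outputs.
    // nextInt() returns state >>> 16, so out1 gives the high 32 bits of the
    // state that produced it; only the low 16 bits must be brute-forced.
    // Returns a Random whose next outputs equal the victim's next outputs.
    static Random cloneFromOutputs(int out1, int out2) {
        final long MULT = 0x5DEECE66DL, ADD = 0xBL, MASK = (1L << 48) - 1;
        long high = ((long) out1 & 0xFFFFFFFFL) << 16;
        for (long low = 0; low < (1 << 16); low++) {
            long state = high | low;
            long next = (state * MULT + ADD) & MASK;
            if ((int) (next >>> 16) == out2) {
                // Random(long) XORs the seed with MULT before storing it,
                // so undo that to make the clone's internal state == next.
                return new Random(next ^ MULT);
            }
        }
        throw new IllegalStateException("no candidate state matched");
    }

    public static void main(String[] args) {
        Random victim = new Random();            // seed unknown to the attacker
        int a = victim.nextInt(), b = victim.nextInt();

        Random clone = cloneFromOutputs(a, b);
        String predicted = weakToken(clone);     // attacker's forecast
        String actual = weakToken(victim);       // what the server hands out next
        System.out.println("predicted=" + predicted);
        System.out.println("actual   =" + actual + "  match=" + predicted.equals(actual));

        // Refactored: self-seeded from the OS; two outputs reveal nothing
        // about the third.
        SecureRandom sr = new SecureRandom();
        System.out.println("strong token: " + strongToken(sr));
    }
}
```

Running the class prints match=true every time for the java.util.Random version, which is the behavior the refactoring removes. Note that the performance cost mentioned above is real: on a freshly booted Linux system with little entropy, `new SecureRandom()` backed by /dev/random (or `SecureRandom.getInstanceStrong()`) can block, so it should be created once and reused rather than instantiated per request.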

3.4. Storing Deleting Passwords

In the Java programming language, String objects are immutable, which means their contents cannot be overwritten: a password held in a String stays in memory until the garbage collector happens to reclaim it, and until then it is vulnerable to snooping [10]. Even worse, if physical memory runs low, the operating system might page the String to the disk's swap space, where it becomes vulnerable to disk block snooping. The solution, although not a perfect one (copies made by the JIT or the garbage collector are outside the program's control), is to hold passwords in char arrays instead of Strings. Figure 7 shows the code before and after applying the Storing/Deleting Password refactoring. The last line is needed in order to overwrite the contents of the PassKey array with dummy values as soon as the password is no longer needed.

Figure 7. Storing/Deleting Password refactoring
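The following is an added example, not the code of Figure 7 or any other code from the paper. It places the "before" (String) and "after" (char[]) forms of a password check side by side, and extends the paper's point to the copies that a check necessarily creates: the UTF-8 bytes and the encoder's buffer are wiped in a finally block along with the caller's array, and the comparison uses the constant-time MessageDigest.isEqual. SHA-256 is used only so the example runs stand-alone; a real system would store a salted, slow password hash. The sample password and the method names are constructed for this example.

```java
import java.nio.ByteBuffer;
import java.nio.CharBuffer;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;

public class PasswordHandling {

    // BEFORE: the secret is an immutable String. Nothing here can erase it;
    // it (and the getBytes copy) lives until the GC reclaims it, and may
    // meanwhile be written to swap.
    static boolean checkBefore(String password, byte[] expectedHash) {
        byte[] h = sha256(password.getBytes(StandardCharsets.UTF_8));
        return MessageDigest.isEqual(h, expectedHash);
    }

    // AFTER: the secret is a char[]. The caller's array and every copy made
    // while checking it are overwritten in finally, whatever path is taken.
    static boolean checkAfter(char[] password, byte[] expectedHash) {
        ByteBuffer encoded = StandardCharsets.UTF_8.encode(CharBuffer.wrap(password));
        byte[] raw = new byte[encoded.remaining()];
        try {
            encoded.get(raw);
            byte[] h = sha256(raw);
            return MessageDigest.isEqual(h, expectedHash);   // constant-time
        } finally {
            Arrays.fill(raw, (byte) 0);                       // UTF-8 copy
            if (encoded.hasArray()) {
                Arrays.fill(encoded.array(), (byte) 0);       // encoder's buffer
            }
            Arrays.fill(password, '\0');                      // caller's array
        }
    }

    static byte[] sha256(byte[] in) {
        try {
            return MessageDigest.getInstance("SHA-256").digest(in);
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e);  // SHA-256 is mandatory in every JRE
        }
    }

    public static void main(String[] args) {
        // Constructed sample: stored hash of the password "correct horse".
        byte[] stored = sha256("correct horse".getBytes(StandardCharsets.UTF_8));

        // In real code obtain the char[] directly, e.g. from
        // System.console().readPassword() or JPasswordField.getPassword();
        // toCharArray() on a literal leaves that String in memory.
        char[] typed = "correct horse".toCharArray();
        boolean ok = checkAfter(typed, stored);

        boolean wiped = Arrays.equals(typed, new char[typed.length]);
        System.out.println("match=" + ok + " bufferWipedAfterCheck=" + wiped);

        char[] wrong = "incorrect horse".toCharArray();
        System.out.println("wrongPasswordMatch=" + checkAfter(wrong, stored));
    }
}
```

The program prints match=true bufferWipedAfterCheck=true and then wrongPasswordMatch=false. The caveat the paper makes still applies: Arrays.fill removes the known copies, but the JVM may have moved the array during garbage collection, leaving stale bytes in unreclaimed heap, so this refactoring shortens the exposure window rather than eliminating it.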

3.5. Smart Serialization