How to securely clear a String from memory?

Hi,
I want to securely remove the content of a String from memory after usage (think like a short-lived encryption key), is String.clear() enough?

Should I overwrite the content of the String by other means?

Kind regards,
Sylvain Kerkour

.clear() only resets length to zero, doesn’t actually clear any data. Even if you try to clear the data, it probably won’t be secure — the optimizer may see it as pointless and remove such code.

You need to use special functions for this that guarantee the memory is actually modified, and clearing won’t be optimized away. Some examples:

8 Likes
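An added example, not part of the original posts, showing the behaviour described in the answer above: the bytes survive `String::clear()`, and a wipe built from volatile writes plus a compiler fence removes them. It uses only `std`; the helper names (`wipe_string`, `peek_buffer`, `remains_after_clear`, `remains_after_wipe`) and the sample secret are made up for illustration.

```rust
use std::ptr;
use std::sync::atomic::{compiler_fence, Ordering};

/// Zero the whole heap allocation (capacity, not just len), then set len to 0.
/// Volatile writes are side effects the optimizer is not allowed to drop.
fn wipe_string(s: &mut String) {
    // SAFETY: all-zero bytes are valid UTF-8 and every write stays inside capacity.
    let v = unsafe { s.as_mut_vec() };
    let (p, cap) = (v.as_mut_ptr(), v.capacity());
    for i in 0..cap {
        unsafe { ptr::write_volatile(p.add(i), 0u8) };
    }
    // Keep the compiler from reordering later accesses before the wipe.
    compiler_fence(Ordering::SeqCst);
    v.clear();
}

/// Demonstration only: copy the first `n` bytes of the allocation, ignoring len.
/// The caller must only ask for bytes that were written at some point.
fn peek_buffer(s: &String, n: usize) -> Vec<u8> {
    assert!(n <= s.capacity());
    let p = s.as_ptr();
    (0..n).map(|i| unsafe { ptr::read_volatile(p.add(i)) }).collect()
}

/// What is left in the buffer after a plain `clear()`.
fn remains_after_clear(secret: &str) -> Vec<u8> {
    // Preallocate: growing a String reallocates and leaves the old copy
    // behind in freed memory, where no later wipe can reach it.
    let mut s = String::with_capacity(secret.len());
    s.push_str(secret);
    s.clear(); // only sets len = 0
    peek_buffer(&s, secret.len())
}

/// What is left in the buffer after `wipe_string`.
fn remains_after_wipe(secret: &str) -> Vec<u8> {
    let mut s = String::with_capacity(secret.len());
    s.push_str(secret);
    wipe_string(&mut s);
    peek_buffer(&s, secret.len())
}

fn main() {
    let secret = "constructed-key-0123"; // constructed sample value
    println!("after clear(): {:?}", String::from_utf8_lossy(&remains_after_clear(secret)));
    println!("after wipe:    {:?}", remains_after_wipe(secret));
}
```

The wipe only covers the current allocation: copies made earlier by cloning, formatting or reallocation are not touched.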

I suspected that, thank you!

1 Like
