...
This noncompliant code example decrypts the password stored in credentials.txt.
It needs to be clearer that the issue here is that the program stores encrypted passwords to begin with.
```java
import java.io.BufferedReader;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStreamReader;

class Password {
  public static void main(String[] args) throws IOException {
    char[] password = new char[100];
    BufferedReader br = new BufferedReader(new InputStreamReader(
        new FileInputStream("credentials.txt")));
    // Reads the password into the char array, returns the number of characters read
    int n = br.read(password);
    // Decrypt password, perform operations
    // Manually clear out the password immediately after use
    for (int i = n - 1; i >= 0; i--) {
      password[i] = 0;
    }
    br.close();
  }
}
```
...
An attacker could potentially decrypt this file to discover the password. This attacker could be someone who knows or has figured out the encryption scheme being used by the program.
...