BigInteger Security Problems!

Wolfgang Platzer (wplatzer@iaik.tu-graz.ac.at)
Thu, 15 Oct 1998 09:04:25 +0200

We are developing Java Security software (IAIK-JCE, iSaSiLk) and encountered
a big problem with BigIntegers.
BigIntegers very often store extremely sensitive information like private
keys, messages in plain and so on. To avoid attacks from programs scanning
the memory or the swap file we have to keep this sensitive information
encrypted in memory or delete it immediately after an operation has been
performed.

But with the current BigInteger implementation this is impossible. And our
customers force us to find a solution for this problem.

Therefore my question is: Do you plan something in that direction with
JDK1.2? Otherwise we will have to write our own BigInteger implementation.

Regards

Wolfgang Platzer

--
Dipl.-Ing. Wolfgang Platzer
Technische Universitaet Graz - University of Technology Graz
Institut für Angewandte Informationsverarbeitung
und Kommunikationstechnologien
Klosterwiesgasse 32/I, A-8010 Graz,
Tel: ++43 316 873-5527,Fax: ++43 316 873-5520
URL <http://www.iaik.tu-graz.ac.at/index.html>
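
The limitation described in the message above, as an added example that is not part of the original post and is not IAIK code: a caller-owned byte[] can be overwritten in place, while a BigInteger exposes only copies of its value, so wiping what it hands out leaves the secret in the object. The class name, method names and the random sample key are constructed for illustration, and the code uses current Java syntax.

```java
import java.math.BigInteger;
import java.security.SecureRandom;
import java.util.Arrays;

public class BigIntegerWipeDemo {

    // A buffer the caller owns can be zeroed in place after use.
    static boolean bufferIsWiped(byte[] keyBytes) {
        Arrays.fill(keyBytes, (byte) 0);
        for (byte b : keyBytes) {
            if (b != 0) return false;
        }
        return true;
    }

    // toByteArray() returns a fresh copy, not the internal storage.
    // Returns true if zeroing that copy left the BigInteger's value intact,
    // i.e. the secret is still held by the object.
    static boolean secretSurvivesWipe(BigInteger secret) {
        byte[] reference = secret.toByteArray();
        byte[] exported = secret.toByteArray();
        Arrays.fill(exported, (byte) 0);
        return Arrays.equals(secret.toByteArray(), reference);
    }

    public static void main(String[] args) {
        // Constructed sample value standing in for a private exponent.
        byte[] keyBytes = new byte[128];
        new SecureRandom().nextBytes(keyBytes);

        // The constructor copies keyBytes into the object's own storage.
        BigInteger d = new BigInteger(1, keyBytes);

        System.out.println("byte[] wiped in place:         " + bufferIsWiped(keyBytes));
        System.out.println("BigInteger still holds secret: " + secretSurvivesWipe(d));

        // Arithmetic on the secret allocates further immutable objects that
        // the caller cannot overwrite either (modulus constructed for the demo).
        BigInteger n = BigInteger.ONE.shiftLeft(1024).subtract(BigInteger.ONE);
        BigInteger r = BigInteger.valueOf(65537).modPow(d, n);
        System.out.println("result bit length:             " + r.bitLength());

        // Dropping the reference does not clear the value; the object's
        // contents stay in the heap until that memory is reclaimed and reused.
        d = null;
    }
}
```

Both checks print true: the byte[] is cleared on demand, while the BigInteger keeps its value after every exported copy has been zeroed.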