I made those minor edits in the end and pushed the changes. We should
examine usage of Arrays.fill(passwd, '0') in other parts of the JDK as a
follow up.
regards,
Sean.
On 22/08/2018 23:01, Seán Coffey wrote:
On 22 August 2018 19:22:49 IST, Ivan Gerasimov <ivan.gerasi...@oracle.com>
wrote:
Hi Seán!
Just a minor comment.
I don't know if it's even measurable in this context, but I was under
impression that filling memory with zero *bytes* might be a slightly
more efficient then filling with any other constant.
Maybe it is better to use Arrays.fill(passwd, '\0') instead of
Arrays.fill(passwd, '0') to give the JVM a chance to optimize filling
if
it's possible?
Interesting comment Ivan. I was not aware of such an effect! If you've further
references on that, I'd appreciate it. '0' is used in other, similar, fill
operations IIRC. Perhaps we can optimize such code across all security libs
code via another JBS issue.
Regards,
Sean.
