Should PBEKeySpec#clearPassword be invoked in StandardPBEByteEncryptor#initialize?

Brought to you by: chuspicosvilar, dfernandez, hokitorres

#39 Should PBEKeySpec#clearPassword be invoked in StandardPBEByteEncryptor#initialize?

Milestone: v1.9.x

Status: open

Owner: nobody

Labels: None

Priority: 3

Updated: 2015-02-25

Created: 2015-02-25

Creator: eiden

Private: No

In StandardPBEByteEncryptor#initialize great care is taken to clear the password char[] array.

On line 666 an instance of PBEKeySpec is created:
final PBEKeySpec pbeKeySpec = new PBEKeySpec(normalizedPassword);

Would it be a good idea to call PBEKeySpec#clearPassword() on this after the calls to factory#generateSecret has completed?