What's the optimal method to obscure String(Java - Serialization)

StackOverflow https://stackoverflow.com//questions/25002093

سؤال

What's the optimal method to obscure String

For learning purposes I've decided to dig in a bit more into Java Serialization, most of it is fine. However I've been coming across this weird issue when trying to apply simple obscuring to String values.

Situation breakdown: I'm looking to 'obscure' not encrypt certain data that is passed from Profile Creation frame. Adding simple noise to all the profile details such as Profile Username, Password, Name, Surname etc.

The desired result is simple and works at times and sometimes it simply misses certain characters. Example:

Profile name: "John" is then turned into " ~nh#j@o^ " and ofcourse de-obscured back to "John"

The issue presents itself in the obscuring part. I'm printing the results to check if everything is alright, instead of "John" it will lose certain characters(1-2) and continue adding characters, like so:

Profile name: "John" is then turned into " ~n#j@o^ " and then de-obscured back to "Jon"

Which is a strange issue. I've looked around in articles and sort of 'mimicked' the obscuring style so that I wouldn't go way off touch.

Here is an example of how my Profile name is obscured:

                String nFirstCut = p.getName().substring(0, nSplit); //The first 'slice'
                String nSecondCut = p.getName().substring(nSplit+1, nSplit*2); //The second 'slice'
                String nThirdCut = p.getName().substring(nSplit*2+1); //The third 'slice'

                /*
                 * New Obscured name is now - second 'slice' + randomCharacter + first 'slice'
                 * + randomCharacter + third 'slice'
                 */
                String nObcName = nSecondCut + obcChars[q] + nFirstCut
                        + obcChars[r] + nThirdCut + obcChars[s];
                p.setName(nObcName);

Note: nSplit is simple the length of getName() divided by 3(To produce 3 'slices')

Also, wanted to add. This is far worse when trying to obscure the password from a JPasswordField#getPassword() as opposed to JTextField#getText(). Not sure as to why either

هل كانت مفيدة؟

المحلول

Looks like concurrency issue, maybe you could try to extract method call p.getName() into local variable, to be sure that you're working with the same instance of name

Take a look at how Jetty does this : https://gist.github.com/slevental/0c902da60a1f6f931420

مرخصة بموجب: CC-BY-SA مع الإسناد
لا تنتمي إلى StackOverflow
scroll top