On 04.02.2013 02:54, Gregory P. Smith wrote:
Correct. This isn't something that belongs in the core Python language and types. Something needing memory-pinning and secure wiping should be implemented as a special type (C extension module) for use with the C extension libraries that need those properties. As soon as anything enters Python's own types or values ever make it into Python code in any way, no guarantees can ever be made as to how many copies were made and scattered around the process's own address space. Assume "many".
Python doesn't implement any sort of chain of custody for data internally.
I agree! A custom type came into my mind, too. Data wiping is merely a small part of the general issue. A confident and secure container for secrets must do more. For example, it has to prevent the memory page from getting swapped to disk with mlock(2). Lots of bad things can happen when you look at L1/L2/L3 CPU cache, hyper-threading and virtualization. All that stuff makes it hard to conceal secrets.

On the bright side, attacks rarely crack cryptography. In most cases it's easier, faster and less costly to do social engineering. Humans are lazy, ignorant and bribable.

Christian
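
The two properties named in this exchange, pinning with mlock(2) and wiping before release, sketched in C as an added example that is not code from either poster or from CPython. The names `secret_buf`, `secret_open`, `secret_close` and `wipe` are hypothetical; the sketch assumes a POSIX system and covers only the native buffer, not copies made once the bytes reach Python objects.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE   /* exposes MAP_ANONYMOUS on glibc */
#endif
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Hypothetical container: private pages that hold one secret. */
typedef struct {
    unsigned char *data;   /* page-aligned mapping, NULL when closed */
    size_t len;            /* bytes used by the caller */
    size_t maplen;         /* mapping size, rounded up to whole pages */
    int locked;            /* 1 if mlock(2) succeeded */
} secret_buf;

/* Zero memory through a volatile pointer so the stores are not elided. */
static void wipe(void *p, size_t n) {
    volatile unsigned char *v = p;
    while (n--) *v++ = 0;
}

/* Map private pages, pin them with mlock(2), copy the secret in.
   Returns 0 on success, -1 if the mapping fails. */
int secret_open(secret_buf *s, const void *src, size_t len) {
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    s->len = len;
    s->maplen = ((len + page - 1) / page) * page;
    if (s->maplen == 0) s->maplen = page;
    s->data = mmap(NULL, s->maplen, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (s->data == MAP_FAILED) { s->data = NULL; s->locked = 0; return -1; }
    /* mlock can fail under RLIMIT_MEMLOCK; the caller checks s->locked. */
    s->locked = (mlock(s->data, s->maplen) == 0);
    memcpy(s->data, src, len);
    return 0;
}

/* Wipe the whole mapping, unpin and unmap. Returns 1 if every byte
   read back as zero before release, 0 if the buffer was already closed. */
int secret_close(secret_buf *s) {
    int clean = 1;
    if (!s->data) return 0;
    wipe(s->data, s->maplen);
    for (size_t i = 0; i < s->maplen; i++) clean &= (s->data[i] == 0);
    if (s->locked) munlock(s->data, s->maplen);
    munmap(s->data, s->maplen);
    s->data = NULL; s->len = 0; s->locked = 0;
    return clean;
}
```

A caller that requires pinning should treat `locked == 0` as a failure rather than continue with swappable pages.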