Correct. This isn't something that belongs in the core Python language and
types. Something needing memory-pinning and secure wiping should be
implemented as a special type (C extension module) for use with the C
extension libraries that need those properties. As soon as anything enters
Python's own types or values ever make it into Python code in any way, no
guarantees can ever be made as to how many copies were made and scattered
around the process's own address space. Assume "many".
Python doesn't implement any sort of chain of custody for data internally.
On Sun, Feb 3, 2013 at 5:11 PM, Christian Heimes
Some hours ago I sent an email to python-crypto asking how to securely wipe cryptographic secrets from memory: http://mail.python.org/pipermail/python-crypto/2013-February/001170.html
Antoine said that cryptographic secret wiping could be achieved if one uses bytearrays carefully and then overwrites their contents after use. I agree that this sounds reasonable, but I think it would be even better if that was a documented property of bytearrays.
That might work if you never ever resize a bytearray during its life cycle. A resize op calls realloc() which may copy the data to a new memory region. The old region isn't zeroed.
The approach only takes care of the object itself on the heap. Some function may store data on the stack or make a temporary copy to another memory location on the heap. You have to compensate for that. libtomcrypt has a function burn_stack() that allocates and overwrites memory on the stack with a recursive function call.
Christian
_______________________________________________ Python-ideas mailing list Python-ideas@python.org http://mail.python.org/mailman/listinfo/python-ideas
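
An added example, not part of the original messages: the bytearray points discussed in the thread, shown on CPython. The class name `FixedSecret` and the sample key are constructed for illustration. The example relies on CPython refusing to resize a bytearray while a memoryview export exists, and it does not address stack contents or temporaries made by other functions.

```python
import ctypes
import io


class FixedSecret:
    """Secret held in a bytearray that is sized once and wiped in place."""

    def __init__(self, size):
        self._buf = bytearray(size)         # allocated at its final size
        # While a memoryview export exists, CPython refuses to resize the
        # bytearray (BufferError), so realloc() cannot move the data.
        self._view = memoryview(self._buf)

    def fill_from(self, reader):
        # readinto() writes straight into our buffer: no bytes temporary.
        return reader.readinto(self._view)

    def address(self):
        # Address of the underlying storage, to check it never moved.
        return ctypes.addressof(ctypes.c_char.from_buffer(self._buf))

    def wipe(self):
        # Same-length slice assignment overwrites in place, no reallocation.
        self._view[:] = bytes(len(self._view))


def demo():
    # Constructed sample key. This literal and the BytesIO are themselves
    # extra copies, present only to make the demo self-contained.
    key = b"constructed-key-0123456789abcdef"
    secret = FixedSecret(len(key))
    secret.fill_from(io.BytesIO(key))
    before = secret.address()
    try:
        secret._buf.extend(b"more")         # would trigger realloc()
        resize_blocked = False
    except BufferError:
        resize_blocked = True
    stray = bytes(secret._view)             # ordinary copy, outside our control
    secret.wipe()
    return {
        "resize_blocked": resize_blocked,
        "moved": secret.address() != before,
        "wiped": bytes(secret._buf) == bytes(len(key)),
        "stray_copy_survives": stray == key,
    }


if __name__ == "__main__":
    print(demo())
```

The `stray_copy_survives` result is the point made at the top of the thread: once the value becomes an ordinary `bytes` object, wiping the bytearray no longer covers it.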