Correct. This isn't something that belongs in the core Python language and types. Something needing memory-pinning and secure wiping should be implemented as a special type (C extension module) for use with the C extension libraries that need those properties. As soon as anything enters Python's own types or values ever make it into Python code in any way, no guarantees can ever be made as to how many copies were made and scattered around the process's own address space. Assume "many".

Python doesn't implement any sort of chain of custody for data internally.



On Sun, Feb 3, 2013 at 5:11 PM, Christian Heimes <christian@python.org> wrote:
> Some hours ago I sent an email to python-crypto asking how to securely
> wipe cryptographic secrets from memory:
> http://mail.python.org/pipermail/python-crypto/2013-February/001170.html
>
> Antoine said that cryptographic secret wiping could be achieved if one
> uses bytearrays carefully and then overwrites their contents after use. I
> agree that this sounds reasonable, but I think it would be even better if
> that was a documented property of bytearrays.

That might work if you never ever resize a bytearray during its life
cycle. A resize op calls realloc() which may copy the data to a new
memory region. The old region isn't zeroed.

The approach only takes care of the object itself on the heap. Some
function may store data on the stack or make a temporary copy to another
memory location on the heap. You have to compensate for that.
libtomcrypt has a function burn_stack() that allocates and overwrites
memory on the stack with a recursive function call.

Christian

_______________________________________________
Python-ideas mailing list
Python-ideas@python.org
http://mail.python.org/mailman/listinfo/python-ideas
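
An added example, not part of the original thread: a CPython-specific sketch of the "bytearray that is never resized" approach discussed above. Holding a buffer export makes the interpreter refuse any resize, so `realloc()` cannot move the data before the in-place wipe, while an ordinary `bytes()` copy still escapes it. `SecretBuffer` and `demo` are hypothetical names and the key material is a constructed sample.

```python
import ctypes


class SecretBuffer:
    """Fixed-size secret held in one bytearray that cannot be resized."""

    def __init__(self, size):
        self._buf = bytearray(size)  # size must be >= 1
        # While a buffer export exists, CPython raises BufferError on any
        # resize, so realloc() can never relocate the secret.
        self._view = memoryview(self._buf)

    def __enter__(self):
        return self._view

    def __exit__(self, *exc):
        self.wipe()
        return False

    def address(self):
        """Address of the underlying storage (for demonstration only)."""
        return ctypes.addressof(ctypes.c_char.from_buffer(self._buf))

    def wipe(self):
        # Overwrite the storage in place; no new object holding the
        # secret is created by this call.
        ctypes.memset(self.address(), 0, len(self._buf))


def demo():
    # Constructed sample value. As a bytes literal it is already a second
    # copy in the process; real code would read the secret straight into
    # the view (for example with readinto()).
    constructed = b"constructed-key-material-0123456"
    box = SecretBuffer(len(constructed))
    with box as view:
        view[:] = constructed            # fill in place
        before = box.address()
        try:
            box._buf.extend(b"x")        # a resize would call realloc()
            resized = True
        except BufferError:
            resized = False
        stray_copy = bytes(view)         # ordinary Python copy, untracked
    return {
        "resized": resized,
        "same_address": before == box.address(),
        "wiped": box._buf == bytearray(len(constructed)),
        "copy_survives": stray_copy == constructed,
    }
```

The surviving `stray_copy` is the limitation the first reply describes: the wipe covers only the one buffer, not copies made elsewhere on the heap or stack.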