> Some hours ago I sent an email to python-crypto asking how to securely
> wipe cryptographic secrets from memory:
> Antoine said that cryptographic secret wiping could be achieved if one
> uses bytearrays carefully and then overwrites their contents after use. I
> agree that this sounds reasonable, but I think it would be even better if
> that was a documented property of bytearrays.

That might work if you never ever resize a bytearray during its life
cycle. A resize op calls realloc() which may copy the data to a new
memory region. The old region isn't zeroed.

The approach only takes care of the object itself on the heap. Some
function may store data on the stack or make a temporary copy to another
memory location on the heap. You have to compensate for that.

libtomcrypt has a function burn_stack() that allocates and overwrites
memory on the stack with a recursive function call.
Python-ideas mailing list
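
An added example, not part of the original message: one way to keep a secret in a bytearray that cannot be resized, and to check that the wipe overwrote the original storage. SecretBuffer and demo are hypothetical names and the sample key is constructed. It relies on CPython refusing to resize a bytearray that has an active buffer export, and it does nothing about stack or temporary copies made by other functions.

```python
import ctypes


class SecretBuffer:
    """Fixed-size secret holder (hypothetical helper, CPython assumed)."""

    def __init__(self, size):
        self._buf = bytearray(size)
        # An active buffer export makes CPython refuse any resize of the
        # bytearray (BufferError), so realloc() can never move the secret.
        self._view = memoryview(self._buf)

    @property
    def view(self):
        return self._view  # writable, fixed-length window onto the storage

    def address(self):
        # Address of the underlying storage, used here for verification only.
        arr = (ctypes.c_char * len(self._buf)).from_buffer(self._buf)
        return ctypes.addressof(arr)

    def wipe(self):
        # Same-length assignment through the view overwrites in place.
        self._view[:] = bytes(len(self._view))

    def __enter__(self):
        return self

    def __exit__(self, *exc):
        self.wipe()
        self._view.release()
        return False


def demo():
    constructed = b"constructed-key!"  # constructed sample, not a real secret
    with SecretBuffer(len(constructed)) as s:
        s.view[:] = constructed
        addr = s.address()
        try:
            s._buf.extend(b"x")  # resize attempt on the pinned bytearray
            resized = True
        except BufferError:
            resized = False
        before = ctypes.string_at(addr, len(constructed))
        s.wipe()
        after = ctypes.string_at(addr, len(constructed))
        same_place = s.address() == addr
    return resized, before, after, same_place
```

In real use the secret should be read straight into the view (for example with readinto()), since a bytes literal like the constructed one above is itself an immutable copy that cannot be wiped.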