On Sun, Feb 3, 2013 at 7:18 PM, firstname.lastname@example.org wrote:
If that property of bytearrays was specified in the Python standards, it would be easier for people who write cryptographic applications and libraries to use bytearrays correctly, and it would also guarantee that this property won't change in future versions of Python. Furthermore, it would help authors of cryptographic libraries to design their APIs and internal functions in a way that would allow the secure erasure of sensitive data.
It would similarly be helpful to add low-level support for "pinning" such memory so that it is not written to backing store. While that can be done with the mmap module, the details are tricky.
I don't think that this belongs in the Python core, though. Rather, I think that this should be implemented in a module which can be used in conjunction with bytearrays, mmap, and any other necessary pieces of the core and stdlib. In fact, such a thing might already exist - I haven't looked (it's really not within my area of interest).
Putting such a thing in the stdlib might achieve the guarantee you suggest, but it might not. It really just shifts responsibility for ensuring good cryptographic programming onto people who spend their time implementing programming languages.
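An added example, not part of the original message or of CPython: a fixed-size bytearray used as a secret buffer, zeroed in place on exit and pinned with a best-effort `mlock` call made through ctypes (libc, rather than the mmap module the message mentions). The helper names `secret_buffer`, `_address` and `_try_mlock` are hypothetical, the key is a constructed sample, and the in-place behaviour is what CPython does in practice, not a guarantee the language specification makes.

```python
import ctypes
import ctypes.util
from contextlib import contextmanager


def _address(buf):
    """Address of the bytearray's backing storage (CPython buffer protocol)."""
    return ctypes.addressof((ctypes.c_char * len(buf)).from_buffer(buf))


def _try_mlock(addr, length, lock=True):
    """Best-effort mlock/munlock via libc; False where unavailable or denied."""
    try:
        libc = ctypes.CDLL(ctypes.util.find_library("c"), use_errno=True)
        fn = libc.mlock if lock else libc.munlock
        fn.argtypes = [ctypes.c_void_p, ctypes.c_size_t]
        return fn(addr, length) == 0
    except (OSError, AttributeError, TypeError):
        return False


@contextmanager
def secret_buffer(size):
    """Yield (buf, locked); buf is zeroed in place when the block exits."""
    buf = bytearray(size)  # allocate once; callers must not resize it
    addr = _address(buf)
    locked = _try_mlock(addr, size)  # may fail under RLIMIT_MEMLOCK
    try:
        yield buf, locked
    finally:
        moved = len(buf) != size or _address(buf) != addr
        ctypes.memset(_address(buf), 0, len(buf))  # overwrite current storage
        if locked and not moved:
            _try_mlock(addr, size, lock=False)
        if moved:  # a resize can reallocate and leave the secret in freed memory
            raise RuntimeError("buffer was resized; old storage was not erased")


def demo():
    with secret_buffer(16) as (buf, locked):
        # Constructed sample key. A real caller fills buf with readinto() or
        # similar, because this bytes literal is itself an immutable copy.
        buf[:] = b"constructed-key!"
        addr = _address(buf)
        before = ctypes.string_at(addr, 16)
    after = ctypes.string_at(addr, 16)  # buf is still alive, so addr is valid
    return before, after, bytes(buf)


if __name__ == "__main__":
    print(demo())
```

Any `bytes(buf)`, slice, or `str` conversion made by the caller creates an immutable copy that this erasure cannot reach.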