On 04.02.2013 01:18, firstname.lastname@example.org wrote:
Some hours ago I sent an email to python-crypto asking how to securely wipe cryptographic secrets from memory: http://mail.python.org/pipermail/python-crypto/2013-February/001170.html
Antoine said that cryptographic secret wiping could be achieved if one uses bytearrays carefully and then overwrites their contents after use. I agree that this sounds reasonable, but I think it would be even better if that was a documented property of bytearrays.
If that property of bytearrays was specified in the Python standards, it would be easier for people who write cryptographic applications and libraries to use bytearrays correctly, and it would also guarantee that this property won't change in future versions of Python. Furthermore, it would help authors of cryptographic libraries to design their APIs and internal functions in a way that would allow the secure erasure of sensitive data.
Would this make sense or am I asking too much from Python?
I don't think there's any safe way to store crypto information in memory. You'd have to use a dedicated hardware crypto device to avoid leaking the keys (think memory reallocation, the OS swapping memory to disk, your code running on a VM, etc.). See e.g. http://c0decstuff.blogspot.de/2011/01/in-memory-extraction-of-ssl-private.ht... for an example on how to do this intentionally.
Not even OpenSSL tries to address this, so I think it's asking a bit much from Python ;-)
That said, adding a little more security to a custom blob type would certainly not hurt :-)
Here's some inspiration for locking and cleaning memory: http://c0decstuff.blogspot.de/2011/01/in-memory-extraction-of-ssl-private.ht... (pages 36ff)