From desnacked at riseup.net Sun Feb 3 17:21:08 2013 From: desnacked at riseup.net (desnacked at riseup.net) Date: Sun, 3 Feb 2013 08:21:08 -0800 Subject: [python-crypto] Securely wiping cryptographic secrets in Python Message-ID: <13620f01fd4b3e56f639dd96fc0d215c.squirrel@fruiteater.riseup.net> Hi, if I have a Python program that uses sensitive cryptographic material, is there a way to securely wipe them from memory after use? In C, this is usually done by (_carefully_) overwriting the array where the secrets are stored. Is this possible to do in Python? I bet that if I try to overwrite a string in Python, there is absolutely no guarantee that the previous value of that string won't be copied somewhere else beforehand. What happens if I use a lower level structure, like a bytearray? Is that property of bytearrays guaranteed somewhere in the Python spec? Thanks! From solipsis at pitrou.net Sun Feb 3 17:40:30 2013 From: solipsis at pitrou.net (Antoine Pitrou) Date: Sun, 03 Feb 2013 17:40:30 +0100 Subject: [python-crypto] Securely wiping cryptographic secrets in Python In-Reply-To: <13620f01fd4b3e56f639dd96fc0d215c.squirrel@fruiteater.riseup.net> References: <13620f01fd4b3e56f639dd96fc0d215c.squirrel@fruiteater.riseup.net> Message-ID: <1359909630.3415.6.camel@localhost.localdomain> Hi, Le dimanche 03 f?vrier 2013 ? 08:21 -0800, desnacked at riseup.net a ?crit : > if I have a Python program that uses sensitive cryptographic material, is > there a way to securely wipe them from memory after use? > > In C, this is usually done by (_carefully_) overwriting the array where > the secrets are stored. Is this possible to do in Python? I bet that if I > try to overwrite a string in Python, there is absolutely no guarantee that > the previous value of that string won't be copied somewhere else > beforehand. What happens if I use a lower level structure, like a > bytearray? Is that property of bytearrays guaranteed somewhere in the > Python spec? Python (or at least *CPython*, the reference implementation) doesn't copy data without you asking. However, you are right that neither does it try to securely wipe data after a memory block is deallocated. Without modifying Python, you could indeed use a bytearray and overwrite the bytearray's contents when you are done. Be careful to do it without changing the bytearray's size, otherwise the internal buffer might be reallocated and the old contents be left untouched somewhere in memory. Also, be aware that any conversion from bytes to bytearray, or from bytearray to bytes, will also copy data around. So will many other operations such as slicing. Therefore, if your cryptography is written in Python, chances are that parts of your data will be duplicated around at some point. Regards Antoine. From desnacked at riseup.net Sun Feb 3 17:59:41 2013 From: desnacked at riseup.net (desnacked at riseup.net) Date: Sun, 3 Feb 2013 08:59:41 -0800 Subject: [python-crypto] Securely wiping cryptographic secrets in Python In-Reply-To: <1359909630.3415.6.camel@localhost.localdomain> References: <13620f01fd4b3e56f639dd96fc0d215c.squirrel@fruiteater.riseup.net> <1359909630.3415.6.camel@localhost.localdomain> Message-ID: > > Hi, > > Le dimanche 03 f?vrier 2013 ? 08:21 -0800, desnacked at riseup.net a > ?crit : >> if I have a Python program that uses sensitive cryptographic material, >> is >> there a way to securely wipe them from memory after use? >> >> In C, this is usually done by (_carefully_) overwriting the array where >> the secrets are stored. Is this possible to do in Python? I bet that if >> I >> try to overwrite a string in Python, there is absolutely no guarantee >> that >> the previous value of that string won't be copied somewhere else >> beforehand. What happens if I use a lower level structure, like a >> bytearray? Is that property of bytearrays guaranteed somewhere in the >> Python spec? > > Python (or at least *CPython*, the reference implementation) doesn't > copy data without you asking. However, you are right that neither does > it try to securely wipe data after a memory block is deallocated. > > Without modifying Python, you could indeed use a bytearray and overwrite > the bytearray's contents when you are done. Be careful to do it without > changing the bytearray's size, otherwise the internal buffer might be > reallocated and the old contents be left untouched somewhere in memory. > > Also, be aware that any conversion from bytes to bytearray, or from > bytearray to bytes, will also copy data around. So will many other > operations such as slicing. Therefore, if your cryptography is written > in Python, chances are that parts of your data will be duplicated around > at some point. > Thanks for the answer! Hm, I see. That's approximately the answer I got from other Python-savvy people too. Is there a chance that the Python project could publish an article with guidelines on how to treat bytearrays to _guarantee_ that no data leaking will occur? It's reassuring to hear the above from you, but it would be even better to have a paragraph on this matter on the Python specification. This way, applications using crypto and crypto libraries will know how to setup their APIs and internal functions to allow cryptographic secret wiping. From solipsis at pitrou.net Sun Feb 3 21:39:32 2013 From: solipsis at pitrou.net (Antoine Pitrou) Date: Sun, 03 Feb 2013 21:39:32 +0100 Subject: [python-crypto] Securely wiping cryptographic secrets in Python In-Reply-To: References: <13620f01fd4b3e56f639dd96fc0d215c.squirrel@fruiteater.riseup.net> <1359909630.3415.6.camel@localhost.localdomain> Message-ID: <1359923972.3415.30.camel@localhost.localdomain> Le dimanche 03 f?vrier 2013 ? 08:59 -0800, desnacked at riseup.net a > > > Python (or at least *CPython*, the reference implementation) doesn't > > copy data without you asking. However, you are right that neither does > > it try to securely wipe data after a memory block is deallocated. > > > > Without modifying Python, you could indeed use a bytearray and overwrite > > the bytearray's contents when you are done. Be careful to do it without > > changing the bytearray's size, otherwise the internal buffer might be > > reallocated and the old contents be left untouched somewhere in memory. > > > > Also, be aware that any conversion from bytes to bytearray, or from > > bytearray to bytes, will also copy data around. So will many other > > operations such as slicing. Therefore, if your cryptography is written > > in Python, chances are that parts of your data will be duplicated around > > at some point. > > > > Thanks for the answer! > > Hm, I see. That's approximately the answer I got from other Python-savvy > people too. > > Is there a chance that the Python project could publish an article with > guidelines on how to treat bytearrays to _guarantee_ that no data leaking > will occur? It's reassuring to hear the above from you, but it would be > even better to have a paragraph on this matter on the Python > specification. The thing is, we don't know what other Python implementations may do. (the explanation above was about CPython) That said, it would be a good thing to discuss, perhaps you want to post a topic on http://mail.python.org/mailman/listinfo/python-ideas ? Regards Antoine.