[python-crypto] Securely wiping cryptographic secrets in Python

desnacked at riseup.net desnacked at riseup.net
Sun Feb 3 17:21:08 CET 2013


if I have a Python program that uses sensitive cryptographic material, is
there a way to securely wipe them from memory after use?

In C, this is usually done by (_carefully_) overwriting the array where
the secrets are stored. Is this possible to do in Python? I bet that if I
try to overwrite a string in Python, there is absolutely no guarantee that
the previous value of that string won't be copied somewhere else
beforehand. What happens if I use a lower level structure, like a
bytearray? Is that property of bytearrays guaranteed somewhere in the
Python spec?


More information about the python-crypto mailing list