[Python-ideas] Specification of procedures to store cryptographic secrets

Christian Heimes christian at python.org
Mon Feb 4 03:12:38 CET 2013


On 04.02.2013 02:54, Gregory P. Smith wrote:
> Correct. This isn't something that belongs in the core Python language
> and types. Something needing memory-pinning and secure wiping should be
> implemented as a special type (C extension module) for use with the C
> extension libraries that need those properties. As soon as anything
> enters Python's own types, or values ever make it into Python code in any
> way, no guarantees can ever be made as to how many copies were made and
> scattered around the process's own address space. Assume "many".
> 
> Python doesn't implement any sort of chain of custody for data internally.

I agree! A custom type came into my mind, too. Data wiping
is merely a small part of the general issue. A confident and secure
container for secrets must do more. For example it has to prevent the
memory page from getting swapped to disk with mlock(2). Lots of bad
things can happen when you look at L1/L2/L3 CPU cache, hyper-threading
and virtualization. All that stuff makes it hard to conceal secrets.

On the bright side attacks rarely crack cryptography. In most cases it's
easier, faster and less costly to do social engineering. Humans are
lazy, ignorant and bribable.

Christian
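Added example, not from the thread or from CPython: a minimal C sketch of the kind of "special type" both posters have in mind, meaning the native side a C extension module would wrap. It allocates the secret in whole, page-aligned pages, pins them with mlock(2) so they cannot be swapped, keeps them out of core dumps where the platform supports it, and wipes through a volatile pointer before free() so the compiler cannot elide the store. The type and function names (secret_t, secret_alloc, secret_wipe, ...) and the sample key material are constructed for illustration.

```c
/* Added example (not CPython code): a page-locked, self-wiping secret
 * container of the kind the thread says would have to live in a C
 * extension. Names and the sample key material are constructed. */
#define _DEFAULT_SOURCE
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

typedef struct {
    unsigned char *data;   /* page-aligned buffer holding the secret */
    size_t len;            /* bytes requested by the caller */
    size_t mapped;         /* bytes actually allocated (whole pages) */
    int locked;            /* 1 if mlock(2) succeeded, else 0 */
} secret_t;

/* Zero through a volatile pointer so the compiler cannot treat the
 * stores as dead just because free() follows. */
static void secret_wipe_bytes(void *p, size_t n)
{
    volatile unsigned char *vp = (volatile unsigned char *)p;
    while (n--) *vp++ = 0;
}

secret_t *secret_alloc(size_t len)
{
    long page = sysconf(_SC_PAGESIZE);
    if (page <= 0 || len == 0) return NULL;
    secret_t *s = calloc(1, sizeof *s);
    if (!s) return NULL;
    /* Round up to whole pages so mlock() covers exactly this buffer
     * and nothing else shares the locked pages. */
    s->mapped = ((len + (size_t)page - 1) / (size_t)page) * (size_t)page;
    s->len = len;
    void *buf = NULL;
    if (posix_memalign(&buf, (size_t)page, s->mapped) != 0) {
        free(s);
        return NULL;
    }
    s->data = buf;
    memset(s->data, 0, s->mapped);
    /* Pin the pages in RAM. This can fail under RLIMIT_MEMLOCK; record
     * the outcome rather than pretending the secret is protected. */
    s->locked = (mlock(s->data, s->mapped) == 0) ? 1 : 0;
#ifdef MADV_DONTDUMP
    madvise(s->data, s->mapped, MADV_DONTDUMP);  /* Linux: exclude from core dumps */
#endif
    return s;
}

/* Copy n bytes of key material in; refuses anything larger than requested. */
int secret_set(secret_t *s, const void *src, size_t n)
{
    if (!s || !src || n > s->len) return -1;
    memcpy(s->data, src, n);
    return 0;
}

/* 1 if every byte of the buffer, padding included, is zero. */
int secret_is_zero(const secret_t *s)
{
    for (size_t i = 0; i < s->mapped; i++)
        if (s->data[i] != 0) return 0;
    return 1;
}

/* 1 if the buffer starts on a page boundary. */
int secret_is_page_aligned(const secret_t *s)
{
    long page = sysconf(_SC_PAGESIZE);
    return ((uintptr_t)s->data % (uintptr_t)page) == 0;
}

void secret_wipe(secret_t *s)
{
    if (s && s->data) secret_wipe_bytes(s->data, s->mapped);
}

void secret_free(secret_t *s)
{
    if (!s) return;
    secret_wipe(s);                       /* always wipe before release */
    if (s->locked) munlock(s->data, s->mapped);
    free(s->data);
    free(s);
}

int main(void)
{
    secret_t *s = secret_alloc(32);
    if (!s) return 1;
    /* Constructed 32-byte sample, not real key material. */
    secret_set(s, "constructed-example-key-material", 32);
    printf("locked=%d page_aligned=%d\n", s->locked, secret_is_page_aligned(s));
    secret_wipe(s);
    printf("all zero after wipe: %d\n", secret_is_zero(s));
    secret_free(s);
    return 0;
}
```

The caveats from the thread still apply to this buffer: it protects only the bytes that stay inside it. The moment a Python-level bytes or str object is built from it, copies land in the ordinary heap, and nothing here covers CPU caches, hibernation images or a hypervisor snapshotting the guest. Where explicit_bzero(3) or memset_s is available it is the preferred wipe; the volatile loop is the portable fallback.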