[Python-ideas] Secure string disposal (maybe other inmutable seq types too?)

Terry Reedy tjreedy at udel.edu
Fri Jun 22 21:32:42 EDT 2018

On 6/22/2018 8:31 PM, Ezequiel Brizuela [aka EHB or qlixed] wrote:
> As all the string in python are immutable, is impossible to overwrite 
> the value

Not if one uses ctypes.  Is that what you did?

>    Well I already do it:
> https://github.com/qlixed/python-memwiper/ 

> But i hit a lot of problems in the road, I was working on me free time 
> over the last year on this and make it "almost" work, but that is not 
> relevant to the proposal.

I think it is.  A very small fraction of Python users need such wiping.

And I doubt that it can be complete.  For instance, I suspect that a 
password entered into getpass, for instance, first exists in OS form 
before being copied into a Python string objects.  Wiping the Python 
string  would not wipe the original copy.  So this really should be 
attacked at the OS level, not the language level.  I have read that 
phones use separate memory for critical data to try to protect critical 

Terry Jan Reedy

More information about the Python-ideas mailing list