__init__ is the initialiser

Ian Kelly ian.g.kelly at gmail.com
Mon Feb 3 18:44:21 CET 2014


On Mon, Feb 3, 2014 at 6:44 AM, Dennis Lee Bieber <wlfraed at ix.netcom.com> wrote:
> On Sun, 02 Feb 2014 18:40:59 -0500, Roy Smith <roy at panix.com> declaimed the
> following:
>
>>I'm reasonably sure you posted this as humor, but there is some truth in
>>what you said.  In the crypto/security domain, you often want to keep a
>>key or cleartext around only for the time it's needed, and scrub the
>>memory it was occupying as soon as it is no longer in use.
>>
>>I don't know how you would do that in Python.
>
>         Don't store it as text... Use a numeric array of byte values, which can
> then be run through a clearing procedure (overwrite with random values,
> overwrite with ones complement of same random values, overwrite with new
> random values).
>
>         Python may be caching the individual byte values, but the are unlikely
> to be in any sequence indicative of a key.

If Python interns the byte objects though, won't overwriting them lead
to subtle bugs later on as Python attempts to reuse them?  They may
even be reused already from earlier byte objects with the same values,
that may or may not still have references.



More information about the Python-list mailing list