Secure Passwords in Memory

matt matt at virtualspectator.com
Sat Sep 30 17:56:49 EDT 2000


Are you worried about someone snooping all your memory, or just having access
to the core dump of a Python process?  If it is the latter, then it's nicer to
catch termination signals and quit nicely.




On Sun, 01 Oct 2000, Eric Gillespie, Jr. wrote:
> On Sat, Sep 30, 2000 at 10:28:17PM +0000,
> Ben Caradoc-Davies <bmcd at es.co.nz> wrote:
> > If you store the password either in a string, or in a list of characters
> > (strings with length 1), or a list of integers, then this isn't going to work,
> > because Python strings and numbers are immutable. Even the list contents will
> > likely remain in the heap in order once freed.
> 
> That's what i was afraid of.
> 
> > More deviously, you could store the input as characters in an
> > array object (array module), and use fromfile and tofile to
> > move them around. You would then be able to erase the memory
> 
> Won't i still need to create a string if i actually want to do
> anything with the password?
> 
> -- 
> Eric Gillespie, Jr. <*> epg at progenylinux.com
> Software Developer
> Progeny Linux Systems - http://progenylinux.com
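
The approach discussed in this thread, as an added example that is not part of the original messages: the password is read into a mutable buffer, used through the buffer protocol without building a string, wiped in place, and core dumps are switched off. It assumes Python 3 on Unix and uses `bytearray` in place of the `array` module mentioned above; the function names are hypothetical.

```python
import hashlib
import io
import resource  # Unix only


def disable_core_dumps():
    """Set the core-file size limit to 0 so a crash leaves no core file."""
    resource.setrlimit(resource.RLIMIT_CORE, (0, 0))
    return resource.getrlimit(resource.RLIMIT_CORE)


def read_secret(stream, max_len=128):
    """Read one line from a binary stream directly into a mutable buffer.

    Returns (buf, length). The buffer is never resized, so the
    allocator has no reason to copy it elsewhere in the heap.
    """
    buf = bytearray(max_len)
    got = stream.readinto(buf) or 0
    end = buf.find(b"\n", 0, got)
    if end == -1:
        end = got
    for i in range(end, got):  # zero the newline and anything after it
        buf[i] = 0
    return buf, end


def derive_key(buf, length, salt, rounds=200_000):
    """Hash the secret via the buffer protocol; this code creates no
    immutable str or bytes copy of the password."""
    return hashlib.pbkdf2_hmac("sha256", memoryview(buf)[:length], salt, rounds)


def wipe(buf):
    """Overwrite the buffer in place."""
    for i in range(len(buf)):
        buf[i] = 0


if __name__ == "__main__":
    disable_core_dumps()
    # Constructed sample input; a real program would read from an unbuffered
    # terminal stream such as open(0, "rb", buffering=0).
    stream = io.BytesIO(b"correct horse\n")
    buf, n = read_secret(stream)
    try:
        key = derive_key(buf, n, salt=b"constructed-salt")
    finally:
        wipe(buf)
    print(key.hex(), "buffer wiped:", not any(buf))
```

The wipe is best effort: the derived key is an immutable `bytes` object, and copies made by a buffered reader or the terminal layer are outside this code's control.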



