Secure Passwords in Memory
Eric Gillespie, Jr.
epg at progenylinux.com
Sat Sep 30 18:39:05 EDT 2000
On Sat, Sep 30, 2000 at 10:28:17PM +0000,
Ben Caradoc-Davies <bmcd at es.co.nz> wrote:
> If you store the password either in a string, or in a list of characters
> (strings with length 1), or a list of integers, then this isn't going to work,
> because Python strings and numbers are immutable. Even the list contents will
> likely remain in the heap in order once freed.
That's what i was afraid of.
> More deviously, you could store the input as characters in an
> array object (array module), and use fromfile and tofile to
> move them around. You would then be able to erase the memory
Won't i still need to create a string if i actually want to do
anything with the password?
--
Eric Gillespie, Jr. <*> epg at progenylinux.com
Software Developer
Progeny Linux Systems - http://progenylinux.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 240 bytes
Desc: not available
URL: <http://mail.python.org/pipermail/python-list/attachments/20000930/db66e2b6/attachment.sig>
More information about the Python-list
mailing list