GC and security
Tim N. van der Leeuw
tnleeuw at gmail.com
Thu Aug 31 04:00:44 EDT 2006
Fredrik Lundh wrote:
> Les Schaffer wrote:
>
> > i am working on a python application that uses encryption as part of its
> > security features. so then at some point someone has to enter a
> > passphrase into the system and passed into a decryption functions (we
> > are using gpg via subprocess).
> >
> > so i am curious. so long as i drop all reference to the passphrase
> > string(s), eventually it gets garbage collected and the memory recycled.
> > so "before long" the phrase is gone from memory.
>
> Since Python uses reference counting, if you drop all references, the
> object is garbaged collected immediately, and the associated memory is
> freed. However, freeing memory doesn't mean that the memory is cleared,
> so the passphrase will still be visible in memory, until some other part
> of your program allocates the same memory area and overwrites it.
>
> you could obscure things a bit by storing the passphrase as a list of
> characters, or a list of integers, and write it to gpg one character at
> a time (if that's possible; if not, you may need to write a custom
> extension that builds a command string in a C-level buffer, runs the
> command, and then overwrites the buffer before returning).
Storing the passphrase as a list of something has the advantage that
you could set all list-entries to zero, None or random values before
the list goes out of scope. The individual characters from the
passphrase can of course still be snooped from memory, somehow, in
theory -- but without any coherence. (At most the coherence of the
order of allocation).
However, such obfuscation does not make any real sense unless the
passphrase is always stored in a list and in a list only; if it enters
your program in the form of a string somehow then basically such
obfuscations seem very meaningless to me.
Perhaps the Python interpreter should be extended with a new C Type,
'secure_string', which clears all it's bytes before being freed. (Just
phantasizing out loud here, not being in any way serious!)
>
> </F>
Cheers,
--Tim
More information about the Python-list
mailing list