[python-crypto] Securely wiping cryptographic secrets in Python

Antoine Pitrou solipsis at pitrou.net
Sun Feb 3 21:39:32 CET 2013


On Sunday 3 February 2013 at 08:59 -0800, desnacked at riseup.net wrote:
>
> > Python (or at least *CPython*, the reference implementation) doesn't
> > copy data without you asking. However, you are right that neither does
> > it try to securely wipe data after a memory block is deallocated.
> >
> > Without modifying Python, you could indeed use a bytearray and overwrite
> > the bytearray's contents when you are done. Be careful to do it without
> > changing the bytearray's size, otherwise the internal buffer might be
> > reallocated and the old contents be left untouched somewhere in memory.
> >
> > Also, be aware that any conversion from bytes to bytearray, or from
> > bytearray to bytes, will also copy data around. So will many other
> > operations such as slicing. Therefore, if your cryptography is written
> > in Python, chances are that parts of your data will be duplicated around
> > at some point.
> >
> 
> Thanks for the answer!
> 
> Hm, I see. That's approximately the answer I got from other Python-savvy
> people too.
> 
> Is there a chance that the Python project could publish an article with
> guidelines on how to treat bytearrays to _guarantee_ that no data leaking
> will occur? It's reassuring to hear the above from you, but it would be
> even better to have a paragraph on this matter on the Python
> specification.

The thing is, we don't know what other Python implementations may do.
(the explanation above was about CPython)

That said, it would be a good thing to discuss, perhaps you want to post
a topic on http://mail.python.org/mailman/listinfo/python-ideas ?

Regards

Antoine.
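
The points above, as an added example that is not part of the original message and applies to CPython only: overwriting a bytearray at unchanged length zeroes the same internal buffer, while a `bytes()` conversion or a slice made earlier keeps its own copy of the secret. The helper names `buffer_address`, `wipe` and `demo` and the sample key are assumptions made up for this illustration.

```python
import ctypes

SAMPLE = b"constructed-sample-key-material!"  # constructed sample value, 32 bytes
# Note: this literal is itself an immutable bytes object that cannot be wiped.
# Real key material would be read straight into a bytearray (e.g. readinto()).


def buffer_address(buf: bytearray) -> int:
    """Address of buf's internal storage (CPython-specific; buf must be non-empty)."""
    # The temporary ctypes array is dropped on return, which releases the
    # buffer export so that buf is not left locked against resizing.
    return ctypes.addressof((ctypes.c_char * len(buf)).from_buffer(buf))


def wipe(buf: bytearray) -> None:
    """Zero buf in place. A same-length slice assignment does not resize it."""
    buf[:] = bytes(len(buf))


def demo() -> dict:
    key = bytearray(SAMPLE)
    n = len(key)
    before = buffer_address(key)

    # Each of these duplicates the key bytes into a separate object.
    as_bytes = bytes(key)   # bytearray -> bytes conversion copies
    prefix = key[:16]       # slicing copies too

    wipe(key)
    after = buffer_address(key)

    return {
        "same_buffer": before == after,
        "length_kept": len(key) == n,
        # Read the live buffer directly to confirm the storage itself is zeroed.
        "memory_zeroed": ctypes.string_at(after, n) == bytes(n),
        # The copies were never touched by wipe() and still hold the secret.
        "bytes_copy_survives": as_bytes == SAMPLE,
        "slice_copy_survives": bytes(prefix) == SAMPLE[:16],
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```
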



