GC and security
i am working on a python application that uses encryption as part of its
security features. so then at some point someone has to enter a
passphrase into the system and passed into a decryption functions (we
are using gpg via subprocess).
so i am curious. so long as i drop all reference to the passphrase
string(s), eventually it gets garbage collected and the memory recycled.
so "before long" the phrase is gone from memory.
is there a best practice way to do this?
thanks
Les Schaffer
.
Relevant Pages
- Re: On the Recent PGP and Truecrypt Posting
... changing the passphrase would lock out prior users. ... Clearly a users with a backup copy of an encrypted disk for which they ... clear that real world users actually understand the need to re-encrypt ... You will also also see the architecture extend to some *very* cool storage encryption very soon. ...
(Bugtraq) - Re: Hash question ...
... header of the file. ... When a user enters an incorrect passphrase, ... if I generate an encryption key with the ... could I safely store the SHA of the passphrase ...
(sci.crypt) - Re: needed: reviewers for an implementaion of AES
... This passphrase becomes the default ... encryption key, but is used to generate a 256 bit encryption key called ... encrypted with any file key which uses this master key structure. ... using the master key IV and CBC block chaining. ...
(sci.crypt) - Re: Help secure my data (They will steal my drive)
... but it supports strong password-based encryption and can be ... printable ascii characters about 6.5 bit per character. ... In case your passphrase is not trivial it's much more likely an attacker ... will try to recover plaintext from swap files/virtual memory and from ...
(sci.crypt) - Re: Symmetric encryption: why not use private keys?
... > for traditional symmetric encryption. ... > that you have to be very careful to choose a passphrase with enough ... This would mean rock-solid encryption as ... secret key ring used for public key crypto. ...
(sci.crypt) |
|
