Re: GC and security

From: Paul Rubin <http://phr.cx@xxxxxxxxxxxxxx>
Date: 30 Aug 2006 17:16:39 -0700

Les Schaffer <schaffer@xxxxxxxxxxxxx> writes:

so i am curious. so long as i drop all reference to the passphrase
string(s), eventually it gets garbage collected and the memory recycled.
so "before long" the phrase is gone from memory.

is there a best practice way to do this?

You can't rely on anything like that, either on the Python GC side or
from the OS (which might have long since written the passphrase out to
the swap disk) without special arrangement. Some OS's have system
calls to lock user pages in memory and prevent swapping, and GPG tries
to use them. "Best practice" if you're doing a high security app
involves using special hardware modules to wrap the keys. The
relevant standard is FIPS 140-2, with FIPS-140-3 in preparation:

http://csrc.nist.gov/cryptval/140-2.htm
http://csrc.nist.gov/cryptval/140-3.htm

For most purposes (e.g. some random web service), this stuff is
overkill, though.
.

Follow-Ups:
- Re: GC and security
  - From: Les Schaffer

References:
- GC and security
  - From: Les Schaffer

Prev by Date: Re: question about SOAPpy
Next by Date: Re: newbe question about removing items from one file to another file
Previous by thread: Re: GC and security
Next by thread: Re: GC and security
Index(es):
- Date
- Thread

Relevant Pages

Re: Short practice session
... the songs I have been working on lately, from memory. ... various tube amps in the basement and practice more like I am on a job. ... that time to develop new things that will stretch you, ...
(rec.music.makers.guitar.jazz)
Re: Maintain list of attached event handlers (.Net 1.1)
... of memory is done when it is required/when it is convenient. ... That's why it is common practice to release ... tree and removes all of the handlers. ... BUT b) because I'm going to use a belt and braces approach. ...
(microsoft.public.dotnet.framework)
Re: Zero Rreferences (was:Stupid Question)
... > drieux wrote: ... > like its not just on NT that programs retain their memory allocations. ... Think about what happens when you Perl Extension ... Folks need to remember that 'best practice' ...
(perl.beginners)
Re: Article of interest: Python pros/cons for the enterprise
... from many articles and postings across the internet memory management ... There are other downsides to garbage collection, ... not the way it goes in practice nowadays, ...
(comp.lang.python)
Re: Portable Measurement of Pointer Alignment in C?
... memory are not aligned on specific memory boundaries. ... control over the memory alignment of its parameters ... In other cases, even though buffer base addresses have been aligned, it may not be easy to ensure the alignment of the addresses passed to the cryptographic code since encryption may be needed on only the upper part of an allocated buffer and timing constraints may prevent realignment by copying. ... practice on the highest proportion of widely deployed processors ...
(comp.lang.c)