On Sat, Jun 23, 2018 at 12:57 PM Christian Heimes <christ...@python.org> wrote:
>
> If you need to protect sensitive data like private keys, then don't load
> them into memory of your current process. It's that simple. :) Bugs like
> heartbleed were an issue, because private keys were in the same process
> space as the TLS/SSL code. Solutions like gpg-agent, ssh-agent, TPM,
> HSM, Linux's keyring and AF_ALG socket all aim to offload operations
> with private key material into a secure subprocess, Kernel space or
> special hardware.
>

+10

It is fundamentally impossible for a Python VM (certainly CPython) to implement any sort of guaranteed erasure of data and/or control over data to prevent copying that is ever stored in a Python object.

This is not unique to Python. All interpreted and jitted VMs share this trait, as do most languages with garbage collection. ex: Java, Ruby, Go, etc.

Trying to pretend we could offer tracking and wiping of sensitive data in-process is harmful at best as it cannot be guaranteed and thus gives the wrong impression and will lead to misuse by people who ignore that.

-gps
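An added illustration of the subprocess-offloading pattern quoted above (not code from this thread or from any of the tools it names): a helper process creates and holds an HMAC key, and the calling process only exchanges messages and tags with it over a pipe. `SigningAgent`, `AGENT_SRC` and the line protocol are hypothetical, and HMAC stands in for a private-key operation.

```python
import subprocess
import sys

# Helper-process source. The key is created here and never crosses the pipe.
AGENT_SRC = r'''
import hashlib, hmac, os, sys
key = os.urandom(32)  # constructed demo key; assumption: a real agent loads it from protected storage
for line in sys.stdin:
    op, _, rest = line.strip().partition(" ")
    try:
        if op == "sign":
            out = hmac.new(key, bytes.fromhex(rest), hashlib.sha256).hexdigest()
        elif op == "verify":
            msg, _, tag = rest.partition(" ")
            want = hmac.new(key, bytes.fromhex(msg), hashlib.sha256).digest()
            out = "ok" if hmac.compare_digest(want, bytes.fromhex(tag)) else "bad"
        else:
            out = "error"
    except ValueError:  # malformed hex from the client
        out = "error"
    print(out, flush=True)
'''


class SigningAgent:
    """Client side: holds a pipe to the helper, never the key itself."""

    def __init__(self):
        self._proc = subprocess.Popen(
            [sys.executable, "-c", AGENT_SRC],
            stdin=subprocess.PIPE, stdout=subprocess.PIPE, text=True)

    def _ask(self, request):
        self._proc.stdin.write(request + "\n")
        self._proc.stdin.flush()
        return self._proc.stdout.readline().strip()

    def sign(self, message: bytes) -> str:
        return self._ask("sign " + message.hex())

    def verify(self, message: bytes, tag: str) -> bool:
        return self._ask(f"verify {message.hex()} {tag}") == "ok"

    def close(self):
        self._proc.stdin.close()
        self._proc.wait()
```

The helper's memory is not wiped either; the key is simply absent from the address space of the process that handles application data.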