Les Schaffer <[EMAIL PROTECTED]> writes:
> understood, i meant best practice in terms of the less rigorous garbage
> collection. if the collect() function hastens garbage collection for
> unreferenced strings like a passphrase, it costs us nothing and buys us
> a wee bit.

GC simply releases the memory for other uses in the application. It doesn't necessarily zero the memory. Just what attack are you trying to protect against, if swap space is less of a problem than leaving keys around in ram? Keep in mind that the weakest part of this application is likely to be the passphrase itself. Is there a way to get rid of it?

> we're more sensitive than a web service, but not at the level of
> hardware protection. it is health data related, and for the moment we
> exceed the OMB's latest on laptop security:

Is this data on a laptop? Why do you want to do encryption in the application, instead of using an encrypted file system? Is there some obstacle to using a token (like a smart card) to hold the key?
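
An added example, not part of the original message or of the application being discussed: it illustrates the point that garbage collection releases memory without zeroing it, by keeping a passphrase in a mutable `bytearray` that the program overwrites itself, next to an immutable `bytes` copy that it cannot overwrite. The passphrase, salt and function names are constructed for the illustration.

```python
import ctypes
import gc
import hashlib


def derive_key(passphrase: bytearray, salt: bytes) -> bytes:
    # pbkdf2_hmac accepts any bytes-like object, so the passphrase never
    # has to be converted to an immutable str/bytes copy here.
    return hashlib.pbkdf2_hmac("sha256", passphrase, salt, 100_000)


def wipe(buf: bytearray) -> None:
    # Overwrite in place: same backing storage, new contents.
    for i in range(len(buf)):
        buf[i] = 0


def demo() -> dict:
    secret = bytearray(b"correct horse battery staple")  # constructed sample
    n = len(secret)

    # A ctypes array sharing the bytearray's memory, so we can observe the
    # actual bytes in RAM rather than trusting the Python-level object.
    raw = (ctypes.c_char * n).from_buffer(secret)

    # What ordinary string handling does: an immutable copy. Python gives
    # no way to overwrite it; it can only be dropped and later reused.
    immutable_copy = bytes(secret)

    key = derive_key(secret, b"constructed-salt")
    before = raw.raw
    wipe(secret)
    after = raw.raw

    del raw        # release the buffer export
    gc.collect()   # frees unreachable objects; does not scrub anything

    return {
        "key_len": len(key),
        "before_wipe": before,
        "after_wipe": after,
        "immutable_copy_after_gc": immutable_copy,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The wipe covers only that one buffer: copies made by the interpreter, the key derivation library, or pages already written to swap are outside its reach, which is why the questions above about the actual threat and about an encrypted file system still apply.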