Andrew,
If you notice the call to `BN_clear_free`, it zeros the memory of the key
once it gets garbage collected.
However, as several others have explained, this does not prevent the memory
getting stored on the disk in some manner.
-tux
On Feb 22, 2018 14:41, "Andrew W. Donoho" wrote:
> On Feb 20, 2018, at 11:00 , cryptography-dev-requ...@python.org wrote:
>
> ec.derive_private_key_from_bytes(secret_bytes, ec.SECP384R1(), backend)
> could potentially be a way to do this specific operation while reducing the
> number of copies (to zero in Python and 2-3 in OpenSSL, although th
> On Feb 20, 2018, at 11:00 , cryptography-dev-requ...@python.org wrote:
> Date: Mon, 19 Feb 2018 17:14:25 -0800
> From: Paul Kehrer
> To: cryptography-dev@python.org
> Subject: Re: [Cryptography-dev] Cryptography-dev Digest, Vol 54, Issue
> 2
> Message-ID:
>
> Content-Type: text/pl
You might have a look at:
https://github.com/dnet/pysecstr
Here is a longer description about the used method:
https://www.sjoerdlangkemper.nl/2016/06/09/clearing-memory-in-python/
Disclaimer: This is not a recommendation, just a hint for further
exploration. Be also aware that you can't control i
Afaik, there is no reliable way to do this in Python.
I have taken some time to implement some OpenSSL methods that at least
clear the memory on private numbers before freeing it in BIGNUMBER
operations.
See the PR here: https://github.com/pyca/cryptography/pull/4072
However, as it comes for the
This is an area I've spent a fairly significant amount of time
investigating. My conclusion was "no, there is no reliable way to do this",
but I'd love to be proven wrong.
The fundamental problem is that how exactly stores
variables in memory is not defined as part of the implementation
requireme
Gentlefolk,
Apparently, my Google-fu is weak and I come seeking advice.
Secret management is important. In particular, I want to make sure that
any secrets I decrypt are erased from memory before the storage is reclaimed by
the VM. In other environments, I would just dig into