On Fri, Mar 2, 2012 at 3:58 PM, Arturo Filastò <[email protected]> wrote: > We were discussing last night with George about deployability of python > application on multiple platforms. [....] > By talking to some of the core python developers my understanding is that > there is a way of > securely storing keys in memory and wiping that memory region in python. It > involves using > bytearray. We you override a cell in a byte array you are not simply > dereferencing the pointer > to the python struct, you are actually overwriting that portion of memory. > I think I might write a blog post about this and illustrate what other python > crypto software is > using to solve this problem (PyCrypto etc.).
What's the threat model here? On a single-user machine access to memory usually means game over anyway: you can be rooted and the keys read out. Or is this a matter of making 1 application that works for all threat models so that we can discover and root out bugs faster? Sincerely, Watson Ladd -- "Those who would give up Essential Liberty to purchase a little Temporary Safety deserve neither Liberty nor Safety." -- Benjamin Franklin _______________________________________________ tor-dev mailing list [email protected] https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
