Secure Passwords in Memory
matt
matt at virtualspectator.com
Sat Sep 30 17:56:49 EDT 2000
More information about the Python-list mailing list
Sat Sep 30 17:56:49 EDT 2000
- Previous message (by thread): Secure Passwords in Memory
- Next message (by thread): Secure Passwords in Memory
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Are you worried about someone snooping all your memory, or just having access to the core dump of a python process? If it is the latter, then it's nicer to catch termination signals and quit nicely. On Sun, 01 Oct 2000, Eric Gillespie, Jr. wrote: > On Sat, Sep 30, 2000 at 10:28:17PM +0000, > Ben Caradoc-Davies <bmcd at es.co.nz> wrote: > > If you store the password either in a string, or in a list of > characters > > (strings with length 1), or a list of integers, then this isn't going > to work, > > because Python strings and numbers are immutable. Even the list > contents will > > likely remain in the heap in order once freed. > > That's what i was afraid of. > > > More deviously, you could store the input as characters in an > > array object (array module), and use fromfile and tofile to > > move them around. You would then be able to erase the memory > > Won't i still need to create a string if i actually want to do > anything with the password? > > -- > Eric Gillespie, Jr. <*> epg at progenylinux.com > Software Developer > Progeny Linux Systems - http://progenylinux.com
- Previous message (by thread): Secure Passwords in Memory
- Next message (by thread): Secure Passwords in Memory
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the Python-list mailing list