[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-dev] Deployability of Python software.
On Fri, Mar 2, 2012 at 3:58 PM, Arturo Filastà <hellais@xxxxxxxxxxxxxx> wrote:
> We were discussing last night with George about deployability of python
> application on multiple platforms.
[....]
> By talking to some of the core python developers my understanding is that there is a way of
> securely storing keys in memory and wiping that memory region in python. It involves using
> bytearray. We you override a cell in a byte array you are not simply dereferencing the pointer
> to the python struct, you are actually overwriting that portion of memory.
> I think I might write a blog post about this and illustrate what other python crypto software is
> using to solve this problem (PyCrypto etc.).
What's the threat model here? On a single-user machine access to
memory usually means game over anyway: you can be rooted and the keys
read out. Or is this a matter of making 1 application that works for
all threat models so that we can discover and root out bugs faster?
Sincerely,
Watson Ladd
--
"Those who would give up Essential Liberty to purchase a little
Temporary Safety deserve neither Liberty nor Safety."
-- Benjamin Franklin
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev