from:"Chick"

securely getting the user's password

2008-03-08 Thread Chick

Hello,

I'm writing a security tool which requies wiping off the memory of
certain string after being used, which I've done by implementing it as
a mutable list as follow:

class secureStr:
def __init__(self, str):
self.__s = []
for i in range(len(str)):
self.s += str[i]

def __str__(self):
return "".join(self.__s)

def wipe(self):
for i in range(len(self.__s)):
self.s[i] = '\x00'

def __del__(self):
self.wipe()

My question is how do I write a function to securely get the password
from user (in text mode)? If I do sth like

import getpass
securePass = secureStr(getpass,getpass())

doesn't that create an immediate string object that will stay in
memory?
-- 
http://mail.python.org/mailman/listinfo/python-list

Re: securely getting the user's password

2008-03-08 Thread Chick

> But a far bigger security hole is that the password is sitting there in
> your securePass variable in plain text. What are you doing about that?

Precisely why I though to use wipe() that way. The password is there
in plain text as long as it has to and then one call of
securePass.wipe() and its memory is overwritten.

So I guess it is not possible in pure Python to lock the memory from
being swaped?
-- 
http://mail.python.org/mailman/listinfo/python-list

securely getting the user's password

Re: securely getting the user's password

2 matches

Site Navigation

Mail list logo

Footer information