Paul Rubin wrote:

> You can't rely on anything like that, either on the Python GC side or
> from the OS (which might have long since written the passphrase out to
> the swap disk) without special arrangement.

We offered to disable swap for this app (it's not memory intensive), but this level of precaution was beyond what is currently desired. I recently learned that Windows can be asked to zero the swap file during shutdown, though I know there are ways around this one-pass write.

> Some OS's have system calls to lock user pages in memory and prevent
> swapping, and GPG tries to use them. "Best practice" if you're doing a
> high security app involves using special hardware modules to wrap the
> keys.

Understood; I meant best practice in terms of the less rigorous garbage collection. If the collect() function hastens garbage collection for unreferenced strings like a passphrase, it costs us nothing and buys us a wee bit.

> The relevant standard is FIPS 140-2, with FIPS-140-3 in preparation:
>
> http://csrc.nist.gov/cryptval/140-2.htm
> http://csrc.nist.gov/cryptval/140-3.htm

Thanks for these. We may be called upon to up the security level at some point.

> For most purposes (e.g. some random web service), this stuff is
> overkill, though.

We're more sensitive than a web service, but not at the level of hardware protection. It is health data related, and for the moment we exceed the OMB's latest on laptop security:

http://www.whitehouse.gov/omb/memoranda/fy2006/m06-16.pdf

I don't see a mention of swap files on there, but maybe I missed it. And the OMB doc exceeds the security level required by the client app.

les schaffer

--
http://mail.python.org/mailman/listinfo/python-list
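Added example, not from the thread: what gc.collect() cannot do for an immutable str, a mutable bytearray can, namely be overwritten in place once the passphrase has been used. SecretBuffer, demo and SAMPLE_INPUT are my own names and a constructed input; it does nothing about swap (no mlock), which is the OS-side point Paul raises.

```python
import hashlib
import io

class SecretBuffer:
    """Keeps a passphrase in a mutable bytearray so it can be zeroed in place.
    A str (what getpass/input return) is immutable and cannot be wiped; CPython
    frees it when its refcount hits zero, and gc.collect() only reclaims cycles.
    Nothing here stops the OS paging the buffer to swap (no mlock)."""
    def __init__(self, capacity: int = 256):
        self._buf = bytearray(capacity)
        self._len = 0

    def read_from(self, stream) -> int:
        """Read one line straight into the buffer, a byte at a time, so no
        intermediate bytes object holding the passphrase is ever created."""
        view = memoryview(self._buf)
        n = 0
        while n < len(self._buf) and stream.readinto(view[n:n + 1]) == 1:
            if view[n] == 0x0A:  # newline ends the passphrase; not stored
                view[n] = 0
                break
            n += 1
        self._len = n
        return n

    def derive_key(self, salt: bytes, iterations: int = 100_000) -> bytes:
        """PBKDF2 reads the buffer via the buffer protocol; no bytes copy."""
        return hashlib.pbkdf2_hmac("sha256", memoryview(self._buf)[:self._len],
                                   salt, iterations)

    def wipe(self) -> None:
        """Overwrite every byte; the object may live on, but the secret is gone."""
        for i in range(len(self._buf)):
            self._buf[i] = 0
        self._len = 0

    def is_wiped(self) -> bool:
        return not any(self._buf)

# Constructed stand-in for sys.stdin.buffer; not a real passphrase.
SAMPLE_INPUT = b"correct horse\nunrelated next line\n"

def demo():
    """Returns (bytes read, key matches reference PBKDF2, buffer wiped)."""
    sb = SecretBuffer()
    n = sb.read_from(io.BytesIO(SAMPLE_INPUT))
    key = sb.derive_key(b"fixed-salt", 1000)
    sb.wipe()  # do this as soon as the derived key exists
    ref = hashlib.pbkdf2_hmac("sha256", b"correct horse", b"fixed-salt", 1000)
    return n, key == ref, sb.is_wiped()
```

In a real program the stream would be sys.stdin.buffer (or a file opened in binary mode), and the derived key, not the passphrase, is what the rest of the code holds.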