Re: [Python-ideas] Secure string disposal (maybe other inmutable seq types too?)

On 23/06/2018 06:21, Nathaniel Smith wrote: > On Fri, Jun 22, 2018 at 6:45 PM, Steven D'Aprano wrote: >> On Sat, Jun 23, 2018 at 01:33:59PM +1200, Greg Ewing wrote: >>> Chris Angelico wrote: Downside: You can't say "I'm done with this string, destroy it immediately". >>> >>> Also it w

Re: [Python-ideas] Secure string disposal (maybe other inmutable seq types too?)

On 23 June 2018 at 01:31, Ezequiel Brizuela [aka EHB or qlixed] wrote: > As all the string in python are immutable, is impossible to overwrite the > value or to make a "secure disposal" (overwrite-then-free) of a string using > something like: [...] > I propose to make the required changes on th

Re: [Python-ideas] Secure string disposal (maybe other inmutable seq types too?)

On 23 June 2018 at 12:13, Paul Moore wrote: > On 23 June 2018 at 01:31, Ezequiel Brizuela [aka EHB or qlixed] > wrote: >> As all the string in python are immutable, is impossible to overwrite the >> value or to make a "secure disposal" (overwrite-then-free) of a string using >> something like: B

Re: [Python-ideas] Secure string disposal (maybe other inmutable seq types too?)

On 23.06.2018 02:45, Chris Angelico wrote: > Would it suffice to flag the string as "this contains sensitive data, > please overwrite its buffer when it gets deallocated"? The only > difference, in your example, would be that the last print would show > the original data, and the wipe would happen

Re: [Python-ideas] Secure string disposal (maybe other inmutable seq types too?)

Would it not be much simpler and more secure to just disable core dumps? /etc/security/limits.conf on Linux. If the attacker can cause and read a core dump, the game seems over anyway since sooner or later he will catch the core dump at a time the string was not yet deleted. Stephan Op za 23 j

Re: [Python-ideas] Secure string disposal (maybe other inmutable seq types too?)

El vie., 22 de jun. de 2018 21:46, Chris Angelico escribió:. > > Since strings are immutable, it's entirely possible for them to be > shared in various ways. Having the string be wiped while still > existing seems to be a risky approach. (...) > > Downside: > You can't say "I'm done with this s

Re: [Python-ideas] Secure string disposal (maybe other inmutable seq types too?)

On 2018-06-23 15:57, Stephan Houben wrote: > Would it not be much simpler and more secure to just disable core dumps? > > /etc/security/limits.conf on Linux. > > If the attacker can cause and read a core dump, the game seems over > anyway since sooner or later he will catch the core dump at a tim

Re: [Python-ideas] Secure string disposal (maybe other inmutable seq types too?)

On 2018-06-23 07:21, Nathaniel Smith wrote: > On Fri, Jun 22, 2018 at 6:45 PM, Steven D'Aprano wrote: >> On Sat, Jun 23, 2018 at 01:33:59PM +1200, Greg Ewing wrote: >>> Chris Angelico wrote: Downside: You can't say "I'm done with this string, destroy it immediately". >>> >>> Also it woul

Re: [Python-ideas] Secure string disposal (maybe other inmutable seq types too?)

El sáb., 23 de jun. de 2018 10:58, Stephan Houben escribió: > Would it not be much simpler and more secure to just disable core dumps? > > /etc/security/limits.conf on Linux. > > If the attacker can cause and read a core dump, the game seems over anyway > since sooner or later he will catch the c

Re: [Python-ideas] Secure string disposal (maybe other inmutable seq types too?)

On Sat, Jun 23, 2018 at 10:11 PM, M.-A. Lemburg wrote: > On 23.06.2018 02:45, Chris Angelico wrote: >> Would it suffice to flag the string as "this contains sensitive data, >> please overwrite its buffer when it gets deallocated"? The only >> difference, in your example, would be that the last pri

Re: [Python-ideas] Secure string disposal (maybe other inmutable seq types too?)

El vie., 22 de jun. de 2018 22:33, Terry Reedy escribió: > On 6/22/2018 8:31 PM, Ezequiel Brizuela [aka EHB or qlixed] wrote: > > As all the string in python are immutable, is impossible to overwrite > > the value > > Not if one uses ctypes. Is that what you did? > No. I was using exclusivelly

Re: [Python-ideas] Secure string disposal (maybe other inmutable seq types too?)

On Sat, Jun 23, 2018 at 12:57 PM Christian Heimes wrote: > > If you need to protect sensitive data like private keys, then don't load > them into memory of your current process. It's that simple. :) Bugs like > heartbleed were an issue, because private key were in the same process > space as the

Re: [Python-ideas] Secure string disposal (maybe other inmutable seq types too?)

On 2018-06-23 21:55, Ezequiel Brizuela [aka EHB or qlixed] wrote: > > > El sáb., 23 de jun. de 2018 10:58, Stephan Houben > > escribió: > > Would it not be much simpler and more secure to just disable core dumps? > > /etc/security/limits.conf on Linux. > >

Re: [Python-ideas] Fwd: Trigonometry in degrees

>> However -- if this is really such a good idea -- wouldn't someone have make >> a C lib that does it? Or has someone? Anyone looked? > > No, there's nothing magical about C. You can do it in pure Python. Sure, but there are a number of FP subtleties around the edge cases. So wrapping (or transl

[Python-ideas] Replacing Infinite while Loops with an Iterator: async edition

I first learned the ``for chunk in iter(lambda: sock.recv(N), b'')`` trick from page 138 of Dave Beazley’s fantastic Python Cookbook (“4.16. Replacing Infinite while Loops with an Iterator”), and never looked back. When I started to play with consuming sockets asynchronously, it occurred to me tha

Re: [Python-ideas] Secure string disposal (maybe other inmutable seq types too?)

Paul Moore wrote: a = SafeStr("my secret data") ... work with a as if it were a string del a But in order to create the SafeStr, you need to first have the data in the form of an ordinary non-safe string. How do you dispose of that safely? -- Greg _

Re: [Python-ideas] Secure string disposal (maybe other inmutable seq types too?)

Christian Heimes wrote: You'd also need to ensure that the memory page is never paged to disk or a visible to gdb, ptrace, or any other kind of debugger. If the attacker can attach a debugger to your process, they can already do a lot worse than snoop on your secret strings. -- Greg __

Re: [Python-ideas] Secure string disposal (maybe other inmutable seq types too?)

Christian Heimes wrote: It's just a 90% secure solution, because the data will eventually land in public buffers. Seems like the only completely foolproof solution would have to involve some kind of quantum storage that can't be copied without destroying it. -- Greg ___

Re: [Python-ideas] Replacing Infinite while Loops with an Iterator: async edition

j...@math.brown.edu wrote: it would be nice if we could write an async version of this, as in ``async for chunk in aiter(...)``. The time machine seems to have taken care of this: https://docs.python.org/3.6/reference/compound_stmts.html#the-async-for-statement -- Greg ___

Re: [Python-ideas] Replacing Infinite while Loops with an Iterator: async edition

On Sat, Jun 23, 2018 at 5:58 PM, Greg Ewing wrote: > j...@math.brown.edu wrote: >> >> it would be nice if we could write an async version of this, as in ``async >> for chunk in aiter(...)``. > > The time machine seems to have taken care of this: > > https://docs.python.org/3.6/reference/compound_s

Re: [Python-ideas] Secure string disposal (maybe other inmutable seq types too?)

On Sat, Jun 23, 2018 at 09:54:43PM +0200, Christian Heimes wrote: > If you need to protect sensitive data like private keys, then don't load > them into memory of your current process. It's that simple. :) How do ordinary Python programmers, like me, who want to do the Right Thing but without t

Re: [Python-ideas] Secure string disposal (maybe other inmutable seq types too?)

On 6/23/2018 8:14 PM, Greg Ewing wrote: Paul Moore wrote: a = SafeStr("my secret data") ... work with a as if it were a string del a But in order to create the SafeStr, you need to first have the data in the form of an ordinary non-safe string. How do you dispose of that safely? getpass cou