Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Erase other identical phrases #4

Closed
estevopaz opened this issue Jan 4, 2018 · 1 comment
Closed

Erase other identical phrases #4

estevopaz opened this issue Jan 4, 2018 · 1 comment

Comments

@estevopaz
Copy link 

import SecureString

secret = 'foo'
secret_2 = secret
secret_3 = 'foo'

SecureString.clearmem(secret)

print('Secret: ' + secret)
print('Secret copy: ' + secret_2)
print('New identical secret: ' + secret_3)

Output:

Secret: 
Secret copy: 
New identical secret:

secret_3 is also erased despite no called to erase.
I understand that python (3.6 in my case) reuse memory for identical phrases,
so probably we must live with this.

So I open this issue only to confirm if some solution is possible or not, thanks a lot ;)
@dnet
Copy link
Owner

dnet commented Jan 4, 2018

You're right, unfortunately this project breaks some core assumptions within the Python VM. Mind you, this only affects string literals defined in the source code, whether defined directly or in a way that could be computed easily. So when used for that sole really important task of erasing cryptographic secrets, this shouldn't cause any problems.

See this example below:

>>> a = 'foo'
>>> b = 'foo'
>>> id(a), id(b)
(140562558659400, 140562558659400)
>>> c = 'fo' + 'o'
>>> id(c)
140562558659400
>>> c = a[:1] + b[1:]
>>> id(c)
140562558659560

@dnet dnet closed this as completed Jan 4, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@dnet @estevopaz