Mark data as sensitive in python

by

Edit

I have made a solution that uses ctypes (which in turn uses C) to zero memory.

import sys
import ctypes

def zerome(string):
    location = id(string) + 20
    size     = sys.getsizeof(string) - 20

    memset =  ctypes.cdll.msvcrt.memset
    # For Linux, use the following. Change the 6 to whatever it is on your computer.
    # memset =  ctypes.CDLL("libc.so.6").memset

    print "Clearing 0x%08x size %i bytes" % (location, size)

    memset(location, 0, size)

I make no guarantees of the safety of this code. It is tested to work on x86 and CPython 2.6.2. A longer writeup is here.

Decrypting and encrypting in Python will not work. Strings and Integers are interned and persistent, which means you are leaving a mess of password information all over the place.

Hashing is the standard answer, though of course the plaintext eventually needs to be processed somewhere.

The correct solution is to do the sensitive processes as a C module.

But if your memory is constantly being compromised, I would rethink your security setup.

More Related Contents:

  1. Securely Erasing Password in Memory (Python)
  2. Why is sudo not accepting my sudo password? [closed]
  3. What are the risks of running ‘sudo pip’?
  4. Security of Python’s eval() on untrusted strings?
  5. Getting a hidden password input
  6. I need to securely store a username and password in Python, what are my options? [closed]
  7. Simple way to encode a string according to a password?
  8. hash function in Python 3.3 returns different results between sessions
  9. Is distributing python source code in Docker secure?
  10. Salt and hash a password in Python
  11. Masking user input in python with asterisks
  12. Hiding a password in a python script (insecure obfuscation only)
  13. Validation of a Password – Python
  14. Generate password in python
  15. Change to sudo user within a python script
  16. How to open a password protected excel file using python?
  17. Read password from stdin [duplicate]
  18. How to have password echoed as asterisks [duplicate]
  19. Python 3, Are there any known security holes in ast.literal_eval(node_or_string)?
  20. Is a SQLAlchemy query vulnerable to injection attacks?
  21. Is this Python code vulnerable to SQL injection? (SQLite3)
  22. Create a temporary FIFO (named pipe) in Python?
  23. Securely storing passwords for use in python script [duplicate]
  24. How do I use the built in password reset/change views with my own templates
  25. Encrypted and secure docker containers
  26. Google Authenticator implementation in Python
  27. Do CSRF attacks apply to API’s?
  28. What’s the purpose of Django setting ‘SECRET_KEY’?
  29. converting a string to a list from a text file
  30. ValueError: invalid literal for int () with base 10

Leave a Comment