GC and security


Problem description

i am working on a python application that uses encryption as part of its
security features. so then at some point someone has to enter a
passphrase into the system and passed into a decryption function (we
are using gpg via subprocess).

so i am curious. so long as i drop all reference to the passphrase
string(s), eventually it gets garbage collected and the memory recycled.
so "before long" the phrase is gone from memory.

is there a best practice way to do this?

thanks

Les Schaffer

Recommended answer

2006/8/30, Les Schaffer <sc******@optonline.net>:

> is there a best practice way to do this?



I'm not a cryptographer, but you should really try the function
collect() inside the gc module.

--
Felipe.


Les Schaffer <sc******@optonline.net> writes:

> so i am curious. so long as i drop all reference to the passphrase
> string(s), eventually it gets garbage collected and the memory recycled.
> so "before long" the phrase is gone from memory.
>
> is there a best practice way to do this?



You can't rely on anything like that, either on the Python GC side or
from the OS (which might have long since written the passphrase out to
the swap disk) without special arrangement. Some OS's have system
calls to lock user pages in memory and prevent swapping, and GPG tries
to use them. "Best practice" if you're doing a high security app
involves using special hardware modules to wrap the keys. The
relevant standard is FIPS 140-2, with FIPS-140-3 in preparation:

http://csrc.nist.gov/cryptval/140-2.htm
http://csrc.nist.gov/cryptval/140-3.htm

For most purposes (e.g. some random web service), this stuff is
overkill, though.
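
Paul Rubin's point above, as an added example that is not part of the original thread: a passphrase held in a fixed-size `bytearray` can be pinned with `mlock()` and overwritten in place, which an immutable `str` left to the garbage collector cannot. It assumes a POSIX libc reachable through `ctypes`; `locked_secret` and `demo` are hypothetical names and the passphrase is a constructed sample.

```python
import contextlib
import ctypes
import gc


@contextlib.contextmanager
def locked_secret(size):
    """Yield (buf, locked): a fixed-size bytearray that is wiped on exit.

    locked is True when mlock() pinned the pages so they cannot be swapped.
    """
    buf = bytearray(size)
    # Exporting the buffer to ctypes blocks resizing, so CPython cannot
    # realloc it and leave a stale copy of the secret elsewhere on the heap.
    view = (ctypes.c_char * size).from_buffer(buf)
    addr = ctypes.addressof(view)
    libc, locked = None, False
    try:
        libc = ctypes.CDLL(None, use_errno=True)  # assumption: POSIX libc
        locked = libc.mlock(ctypes.c_void_p(addr), ctypes.c_size_t(size)) == 0
    except (OSError, AttributeError, TypeError):
        pass  # no mlock here (e.g. Windows): still wiped, but may be swapped
    try:
        yield buf, locked
    finally:
        ctypes.memset(addr, 0, size)  # overwrite the secret in place
        if locked:
            libc.munlock(ctypes.c_void_p(addr), ctypes.c_size_t(size))
        del view  # release the export


def demo():
    secret = b"correct horse battery staple"  # constructed sample value
    with locked_secret(64) as (buf, locked):
        buf[:len(secret)] = secret  # same-length slice write: no resize
        copy = bytes(buf[:len(secret)])  # an immutable copy, as str would be
    # The copy cannot be wiped. Dropping it frees the object by reference
    # count (gc.collect() only adds cycle collection), and a release build
    # of CPython does not overwrite the freed bytes.
    del copy
    gc.collect()
    return buf, locked  # buf is all zero bytes here
```

With gpg run through subprocess, the buffer can be written to the descriptor named by gpg's `--passphrase-fd` option; any `str` created on the way (for example by `getpass`) stays outside this protection.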


Paul Rubin wrote:

> You can't rely on anything like that, either on the Python GC side or
> from the OS (which might have long since written the passphrase out to
> the swap disk) without special arrangement.



we offered to disable swap for this app (it's not memory intensive) but
this level of precaution was beyond what is currently desired. i
recently learned that Windows can be asked to zero the swap file during
shutdown, though i know there are ways around this one pass write.


> Some OS's have system
> calls to lock user pages in memory and prevent swapping, and GPG tries
> to use them. "Best practice" if you're doing a high security app
> involves using special hardware modules to wrap the keys.



understood, i meant best practice in terms of the less rigorous garbage
collection. if the collect() function hastens garbage collection for
unreferenced strings like a passphrase, it costs us nothing and buys us
a wee bit.




> The relevant standard is FIPS 140-2, with FIPS-140-3 in preparation:
>
> http://csrc.nist.gov/cryptval/140-2.htm
> http://csrc.nist.gov/cryptval/140-3.htm




thanks for these. we may be called upon to up the security level at some
point.


> For most purposes (e.g. some random web service), this stuff is
> overkill, though.




we're more sensitive than a web service, but not at the level of
hardware protection. it is health data related, and for the moment we
exceed the OMB's latest on laptop security:

http://www.whitehouse.gov/omb/memora...006/m06-16.pdf

i don't see a mention of swap files on there, but maybe i missed it. and
the OMB doc exceeds the security level required by the client app.

les schaffer

