安全地覆盖RAM中的Python变量? [英] Securely overwrite Python variables in RAM?

问题描述

我正在用Python编写一个程序，该程序将涉及对密码进行哈希处理.假设我用这个来获取密码:

I'm making a program in Python that will involve hashing a password. Assuming I use this to get the password:

import getpass
password = getpass.getpass("Password: ")

然后对其进行哈希处理，是否有任何方法可以安全地从RAM中删除所有未加密密码的痕迹?

And then hash it, is there any way to securely remove all traces of the unhashed password from RAM?

推荐答案

如前所述，即使您有自定义实现，也没有万无一失的方法可以在python中做到(尽管这可能是一种方法).

As previously discussed there is no foolproof way to do this in python even if you had a custom implementation (although this might be a way).

现在我不知道您的应用程序应该做什么，但是我可以毫无疑问地告诉您，即使在散列之后，RAM中的数据也比数据库中的数据更安全.

Now I don't know what your application is supposed to do but what I can tell you without any doubt is that your data is safer in the RAM than it is in your database, even after the hash.

内存的工作方式是如此复杂.每个进程都有自己的虚拟内存空间，该空间不必是连续的.完整的内存块将交换到磁盘上，并放回另一个内存块中.整个内存只是一组字节，几乎不可能分辨出整数数组，字符串，cat或简单随机数据之间的区别.

The way memory works is so complex. Every process has its own virtual memory space which doesn't have to be contiguous. Full blocks of memory are swapped to the disk and put back in another memory block. The whole memory is just a set of bytes and it's almost impossible to tell the difference between an array of integers, a string, a cat or simple random data.

一些数据块被部分重新分配，从而创建了大量的部分数据.想象一下，这将是1、2、8甚至16Gb的随机数据是什么样的，潜在的黑客将不得不在所有这些0和1中找到一个密码.

Some data blocks are partially reallocated creating a large quantity of partial data. Imagine what this would like, 1, 2, 8 or even 16Gb of random data, and the potential hacker would have to find a password in all those 0s and 1s.

如果某人想在执行过程中破解您的密码，则需要以root用户的身份对计算机进行实时访问；由于我之前提到的原因，他不能仅通过查看交换来做到这一点.

If someone wanted to hack your password during the execution of the process he would need to have live access to the machine as root; he cannot do it by just looking at the swap afterward for the reasons I stated earlier.

但是，如果有人具有这种​​访问权限，那么会有很多其他方式来获取密码.例如，只需调试程序，或者更好，只需更改源代码并输出密码即可:)

But if some one has this kind of access there are so many other ways to get the password. For instance simply debug the program, or better, just change the source and make it print the password :)

大多数黑客都不会为这样的麻烦而烦恼.黑客行为主要与社交工程有关，这基本上是在使用户向黑客提供乐意输入密码. 网络钓鱼就是这样一种方法.

Most hackers will not bother going through such a hassle. Hacking is mostly about social engineering, which is basically making the user give the hacker its password willingly. Phishing is one such method.

这篇关于安全地覆盖RAM中的Python变量?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！