nkvnkv nkvnkv - 3 years ago 258
Python Question

Erase ram space used by variable in python, prevent memory dump attack

Looking for a verified solution for this problem in python.
I have code like this

verySensitveData = "secret, big secret"
#useing verySensitveData in code
#not need it any more
del verySensitveData # now variable is unusable in later code
collected = gc.collect() #collected and removed

now it should be gone from RAM when gc is called.

Does this force OS to erase data on address used by verySensitveData variable automatically with GC?

It should be gone for good, no ram memory dump can retreve data that was in variable verySensitveData?

Answer Source

No. gc.collect() only causes Python to check for objects that are referenced but unreachable (e.g, where two objects refer to each other, but nothing else does). It does not trigger any sort of memory cleanup.

If making your program resistant to memory dumping is important, Python is not the right language to be writing it in. Python makes very few guarantees about how data will be stored in memory, and it is very likely that any string you process will be copied around in memory in the course of processing it, which may leave partial or complete copies of your string in memory. Python may reuse that memory or release it to the OS later, but it will not take any special measures to wipe it.

Recommended from our users: Dynamic Network Monitoring from WhatsUp Gold from IPSwitch. Free Download