One Hat Cyber Team

Your IP: 216.73.216.32
Server IP: 15.204.235.159
Server: Linux srv.techlup.co.ke 4.18.0-553.5.1.el8_10.x86_64 #1 SMP Wed Jun 5 09:12:13 EDT 2024 x86_64
Server Software: Apache
PHP Version: 8.2.27
Buat File | Buat Folder

Dir : ~/usr/share/doc/python3-cryptography/docs/

Edit File: limitations.rst

Known security limitations
==========================

Secure memory wiping
--------------------

`Memory wiping`_ is used to protect secret data or key material from attackers
with access to deallocated memory. This is a defense-in-depth measure against
vulnerabilities that leak application memory.

Many ``cryptography`` APIs which accept ``bytes`` also accept types which
implement the buffer interface. Thus, users wishing to do so can pass
``memoryview`` or another mutable type to ``cryptography`` APIs, and overwrite
the contents once the data is no longer needed.

However, ``cryptography`` does not clear memory by default, as there is no way
to clear immutable structures such as ``bytes``. As a result, ``cryptography``,
like almost all software in Python is potentially vulnerable to this attack. The
`CERT secure coding guidelines`_ assesses this issue as "Severity: medium,
Likelihood: unlikely, Remediation Cost: expensive to repair" and we do not
consider this a high risk for most users.

.. _`Memory wiping`:  https://devblogs.microsoft.com/oldnewthing/?p=4223
.. _`CERT secure coding guidelines`: https://wiki.sei.cmu.edu/confluence/display/c/MEM03-C.+Clear+sensitive+information+stored+in+reusable+resources