| Alex Stapleton | 68bba2d | 2014-03-22 23:03:15 +0000 | [diff] [blame^] | 1 | Known security limitations |
| 2 | -------------------------- |
| 3 | |
| 4 | Lack of secure memory wiping |
| 5 | ============================ |
| 6 | |
| 7 | `Memory wiping`_ is used to protect secret data or key material from attackers |
| 8 | with access to uninitialized memory. This can be either because the attacker |
| 9 | has some kind of local user access or because of other softwares use of |
| 10 | uninitialized memory. |
| 11 | |
| 12 | Python exposes no API for us to implement this reliably and as such most |
| 13 | software in Python is vulnerable to this attack. However we do not currently |
| 14 | believe this to be particularly high risk issue for most users. |
| 15 | |
| 16 | .. _`Memory wiping`: http://blogs.msdn.com/b/oldnewthing/archive/2013/05/29/10421912.aspx |