Merge pull request #845 from public/no-memory-wipe-docs

Document our security limitations
2026-05-14 20:37:55 +00:00 · 2014-03-25 07:05:37 -04:30 · 2014-03-25 07:05:37 -04:30 · 0201c3569b
commit 0201c3569b
parent fabf28a20e a108ac6ce6
2 changed files with 20 additions and 0 deletions
--- a/docs/index.rst
+++ b/docs/index.rst
@ -85,6 +85,7 @@ The ``cryptography`` open source project
    installation
    development/index
    security
+    limitations
    api-stability
    doing-a-release
    changelog
--- a/docs/limitations.rst
+++ b/docs/limitations.rst
@ -0,0 +1,19 @@
+Known security limitations
+--------------------------
+
+Lack of secure memory wiping
+============================
+
+`Memory wiping`_ is used to protect secret data or key material from attackers
+with access to uninitialized memory. This can be either because the attacker
+has some kind of local user access or because of how other software uses
+uninitialized memory.
+
+Python exposes no API for us to implement this reliably and as such almost all
+software in Python is potentially vulnerable to this attack. However the
+`CERT secure coding guidelines`_ consider this issue as "low severity,
+unlikely, expensive to repair" and we do not consider this a high risk for most
+users.
+
+.. _`Memory wiping`:  http://blogs.msdn.com/b/oldnewthing/archive/2013/05/29/10421912.aspx
+.. _`CERT secure coding guidelines`: https://www.securecoding.cert.org/confluence/display/seccode/MEM03-C.+Clear+sensitive+information+stored+in+reusable+resources