Limitations

author: Alex Stapleton <alexs@prol.etari.at> 2014-03-22 23:03:15 +0000
committer: Alex Stapleton <alexs@prol.etari.at> 2014-03-22 23:03:22 +0000
commit: 68bba2d174a8cc6d50f19509fb64388de7ea5b0c (patch)
tree: 7c9bcab8e2c6c27b2a2abcbe72794477e618c44f /docs/limitations.rst
parent: eaeed6ce3d2f3cfee804684c53fc35c54e0a569e (diff)
download: cryptography-68bba2d174a8cc6d50f19509fb64388de7ea5b0c.tar.gz
cryptography-68bba2d174a8cc6d50f19509fb64388de7ea5b0c.tar.bz2
cryptography-68bba2d174a8cc6d50f19509fb64388de7ea5b0c.zip
1 files changed, 16 insertions, 0 deletions
diff --git a/docs/limitations.rst b/docs/limitations.rst
new file mode 100644
index 00000000..423a55b9
--- /dev/null
+++ b/docs/limitations.rst
@@ -0,0 +1,16 @@
+Known security limitations
+--------------------------
+
+Lack of secure memory wiping
+============================
+
+`Memory wiping`_ is used to protect secret data or key material from attackers
+with access to uninitialized memory. This can be either because the attacker
+has some kind of local user access or because of other softwares use of
+uninitialized memory.
+
+Python exposes no API for us to implement this reliably and as such most
+software in Python is vulnerable to this attack. However we do not currently
+believe this to be particularly high risk issue for most users.
+
+.. _`Memory wiping`:  http://blogs.msdn.com/b/oldnewthing/archive/2013/05/29/10421912.aspx
author	Alex Stapleton <alexs@prol.etari.at>	2014-03-22 23:03:15 +0000
committer	Alex Stapleton <alexs@prol.etari.at>	2014-03-22 23:03:22 +0000
commit	68bba2d174a8cc6d50f19509fb64388de7ea5b0c (patch)
tree	7c9bcab8e2c6c27b2a2abcbe72794477e618c44f /docs/limitations.rst
parent	eaeed6ce3d2f3cfee804684c53fc35c54e0a569e (diff)
download	cryptography-68bba2d174a8cc6d50f19509fb64388de7ea5b0c.tar.gz cryptography-68bba2d174a8cc6d50f19509fb64388de7ea5b0c.tar.bz2 cryptography-68bba2d174a8cc6d50f19509fb64388de7ea5b0c.zip