diff options
author | Alex Stapleton <alexs@prol.etari.at> | 2014-03-22 23:03:15 +0000 |
---|---|---|
committer | Alex Stapleton <alexs@prol.etari.at> | 2014-03-22 23:03:22 +0000 |
commit | 68bba2d174a8cc6d50f19509fb64388de7ea5b0c (patch) | |
tree | 7c9bcab8e2c6c27b2a2abcbe72794477e618c44f /docs/limitations.rst | |
parent | eaeed6ce3d2f3cfee804684c53fc35c54e0a569e (diff) | |
download | cryptography-68bba2d174a8cc6d50f19509fb64388de7ea5b0c.tar.gz cryptography-68bba2d174a8cc6d50f19509fb64388de7ea5b0c.tar.bz2 cryptography-68bba2d174a8cc6d50f19509fb64388de7ea5b0c.zip |
Limitations
Diffstat (limited to 'docs/limitations.rst')
-rw-r--r-- | docs/limitations.rst | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/docs/limitations.rst b/docs/limitations.rst new file mode 100644 index 00000000..423a55b9 --- /dev/null +++ b/docs/limitations.rst @@ -0,0 +1,16 @@ +Known security limitations +-------------------------- + +Lack of secure memory wiping +============================ + +`Memory wiping`_ is used to protect secret data or key material from attackers +with access to uninitialized memory. This can be either because the attacker +has some kind of local user access or because of other softwares use of +uninitialized memory. + +Python exposes no API for us to implement this reliably and as such most +software in Python is vulnerable to this attack. However we do not currently +believe this to be particularly high risk issue for most users. + +.. _`Memory wiping`: http://blogs.msdn.com/b/oldnewthing/archive/2013/05/29/10421912.aspx |