-rw-r--r-- docs/index.rst 1
-rw-r--r-- docs/limitations.rst 16
2 files changed, 17 insertions, 0 deletions
diff --git a/docs/index.rst b/docs/index.rst
index a25f4470..58424bfc 100644
--- a/docs/index.rst
+++ b/docs/index.rst
@@ -85,6 +85,7 @@ The ``cryptography`` open source project
installation
development/index
security
+ limitations
api-stability
doing-a-release
changelog
diff --git a/docs/limitations.rst b/docs/limitations.rst
new file mode 100644
index 00000000..423a55b9
--- /dev/null
+++ b/docs/limitations.rst
@@ -0,0 +1,16 @@
+Known security limitations
+--------------------------
+
+Lack of secure memory wiping
+============================
+
+`Memory wiping`_ is used to protect secret data or key material from attackers
+with access to uninitialized memory. This can be either because the attacker
+has some kind of local user access or because of other softwares use of
+uninitialized memory.
+
+Python exposes no API for us to implement this reliably and as such most
+software in Python is vulnerable to this attack. However we do not currently
+believe this to be particularly high risk issue for most users.
+
+.. _`Memory wiping`: http://blogs.msdn.com/b/oldnewthing/archive/2013/05/29/10421912.aspx
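Review bot: The wording in both paragraphs of the new docs/limitations.rst needs a pass before merge. In the first paragraph, "other softwares use of uninitialized memory" should read "other software's use of uninitialized memory". In the second, "to be particularly high risk issue" is missing an article ("a particularly high risk issue"), and "However we" wants a comma after "However". The second paragraph also says software is "vulnerable to this attack", but the first paragraph describes attackers and how they gain access, not a named attack; consider stating the risk directly, for example that key material may remain readable in memory after it is no longer needed. Separately, the page title is underlined with dashes and the subsection with equals signs. reStructuredText accepts any order, but it is worth checking this matches the adornment order used in the other docs pages. The `Memory wiping` target is a plain http link to an external blog post, so a sentence defining the term inline would keep the page useful if that URL goes away.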