6

I'm making a program in Python that will involve hashing a password. Assuming I use this to get the password:

import getpass
password = getpass.getpass("Password: ")

And then hash it, is there any way to securely remove all traces of the unhashed password from RAM?

tkbx
  • 13,156
  • 26
  • 77
  • 116
  • I think this post can help you: [http://stackoverflow.com/questions/1316767/how-can-i-explicitly-free-memory-in-python][1] [1]: http://stackoverflow.com/questions/1316767/how-can-i-explicitly-free-memory-in-python – Kobi K Oct 03 '13 at 13:57
  • 3
    Why would you possibly want to do that? To be able to read (really really hard) your memory an hacker should have obtained root access anyway. Please focus your energy on more sensible/common [attack vectors](https://www.owasp.org) than creating this false sense of security. – RickyA Oct 03 '13 at 14:03
  • @RickyA You have no idea what tkbx is trying to do, it's actually a good question. – Joe Oct 03 '13 at 14:04
  • @RickyA: if the swap file isn't encrypted then you don't need root, you just need the hard disk (and for the page containing the password to have been swapped and not overwritten, of course). Stealing hardware is a plausible attack if not a high-value one, since the attacker has no idea what they're going to get in the swap file, it's down to luck. But the conclusion is the same, there's not much you can do about it. – Steve Jessop Oct 03 '13 at 14:05
  • Anyway, it's a duplicate, and it's well discussed in 728164. – Joe Oct 03 '13 at 14:07
  • @Joe, he is trying to erase passwords from memory. To have good security you need a lot stuff in place. I would suggest he looks at them first because unless he has already implemented them and he is making an online banking application this is a wast of time. – RickyA Oct 03 '13 at 14:09
  • @Steve Jessop: true, but you still need access and I would love to hear how you would retieve this pw from the heap of bytes in swap. – RickyA Oct 03 '13 at 14:11
  • @RickyA This is a specific question. I'm sure general advice surrounding the question is welcome, but asserting that someone shouldn't be asking it in the first place, without knowing about any other practises they are are or are not putting into place, isn't very constructive. This is not such a strange requirement. It's included in the .NET BCL: http://msdn.microsoft.com/en-us/library/system.security.securestring.aspx – Joe Oct 03 '13 at 14:17
  • @Joe: yes, I also don't like people that constantly say the OP does not know what he is asking and go on suggesting completely different things. But this questions stinks of programmer micro management and I want the guy to save himself a lot of trouble doing this only to find that he is hacked in two different ways. btw. [better OWASP link](http://prdownloads.sourceforge.net/owasp/OWASPGuide2.0.1.pdf?download). Read it! – RickyA Oct 03 '13 at 14:26
  • Cool. I'm sure it's helpful to @tkbx. I'm just bearing in mind the equivalent conversation if someone came along and asked about `System.Security.SecureString` (which does exist, for a very good reason). Anyway, I'm sure tkbx knows more about the topic than he bargained for! – Joe Oct 03 '13 at 14:30
  • 1
    @RickyA: I wouldn't necessarily need to find the password in the swap file, rather I'd use the swap file as a source of strings to guess the password with. Anyway, my point was simply that unencrypted swap files ruin the principle that the contents of memory is secured by the OS (at least, once the OS isn't running and you mount the disk elsewhere). As I said it doesn't really affect the thrust of your comment, it's just that the assumption doesn't always hold. It's also possible for the OS to scrub the swapfile on a graceful shutdown, of course. – Steve Jessop Oct 03 '13 at 16:10

1 Answers1

4

As previously discussed there is no foolproof way to do this in python even if you had a custom implementation (although this might be a way).

Now I don't know what your application is supposed to do but what I can tell you without any doubt is that your data is safer in the RAM than it is in your database, even after the hash.

The way memory works is so complex. Every process has its own virtual memory space which doesn't have to be contiguous. Full blocks of memory are swapped to the disk and put back in another memory block. The whole memory is just a set of bytes and it's almost impossible to tell the difference between an array of integers, a string, a cat or simple random data.

Some data blocks are partially reallocated creating a large quantity of partial data. Imagine what this would like, 1, 2, 8 or even 16Gb of random data, and the potential hacker would have to find a password in all those 0s and 1s.

If someone wanted to hack your password during the execution of the process he would need to have live access to the machine as root; he cannot do it by just looking at the swap afterward for the reasons I stated earlier.

But if some one has this kind of access there are so many other ways to get the password. For instance simply debug the program, or better, just change the source and make it print the password :)

Most hackers will not bother going through such a hassle. Hacking is mostly about social engineering, which is basically making the user give the hacker its password willingly. Phishing is one such method.

Tony
  • 8,904
  • 3
  • 41
  • 67
Samy Arous
  • 6,515
  • 11
  • 19
  • You should vote to close this question as it is a duplicate rather than answer it. If you have a new answer, you can put it on the original question. – Joe Oct 03 '13 at 14:30
  • This guy makes sense! – RickyA Oct 03 '13 at 14:36
  • 2
    "the potential hacker would have to find a password in all this 0s and 1s". Firstly, the idea that hackers *can't possibly ever* do this is a big statement to make. There are loads of practical exploits that rely on finding particular things in memory or swap where you wouldn't think there was much to start from. Secondly, what you actually do is scan the swap file for anything that looks like text. You find a lot more than just the password, then use that as a list of guesses. That is, you can find a needle in a haystack by trying to sew with each bit of hay in turn until one works. – Steve Jessop Oct 03 '13 at 16:20
  • 1
    Btw, I'm not saying that the questioner's app will actually fall to this swap-file attack. I'm saying that the assumptions on which the argument is founded aren't entirely accurate. If you go around assuming that swap files are impregnable, or that searching for sensitive data in a big binary lump is impossible, then this particular app may or may not suffer for it (most likely not), but certainly somebody will eventually. – Steve Jessop Oct 03 '13 at 16:25
  • The assumption I'm making is that a hacker would simply use other kind of attacks that are easier to apply and gives faster result with a higher success rate. Now a days, a good password has punctuation, numbers and special characters in it, it's difficult to tell if a group of such characters are random trash or a password. I agree on the fact that this doesn't mean it's full-proof. I'm just saying it's harder than running a rainbow attack on the database or simply asking for the client to give it's password willingly :p – Samy Arous Oct 04 '13 at 12:31
  • After a notification brought this tree of questions back to my attention, there's an interesting additional note: sure, memory can be allocated in large chunks (Transparent Huge Pages are not always your friend!) and absolutely can be fragmented (>4KiB), however certain common uses of passwords make discovery within "random data" much, much easier, even trivial. For example, if it's used to derive an AES key… instant pattern match. _Many_ key derivation functions leave signatures in memory unless thoroughly scrubbed. Then extracted by any means, such as cold-boot attack, heartbleed, spectre… – amcgregor Aug 14 '20 at 05:42