1Known security limitations 2========================== 3 4Secure memory wiping 5-------------------- 6 7`Memory wiping`_ is used to protect secret data or key material from attackers 8with access to deallocated memory. This is a defense-in-depth measure against 9vulnerabilities that leak application memory. 10 11Many ``cryptography`` APIs which accept ``bytes`` also accept types which 12implement the buffer interface. Thus, users wishing to do so can pass 13``memoryview`` or another mutable type to ``cryptography`` APIs, and overwrite 14the contents once the data is no longer needed. 15 16However, ``cryptography`` does not clear memory by default, as there is no way 17to clear immutable structures such as ``bytes``. As a result, ``cryptography``, 18like almost all software in Python is potentially vulnerable to this attack. The 19`CERT secure coding guidelines`_ assesses this issue as "Severity: medium, 20Likelihood: unlikely, Remediation Cost: expensive to repair" and we do not 21consider this a high risk for most users. 22 23RSA PKCS1 v1.5 constant time decryption 24--------------------------------------- 25 26RSA decryption has several different modes, one of which is PKCS1 v1.5. When 27used in online contexts, a secure protocol implementation requires that peers 28not be able to tell whether RSA PKCS1 v1.5 decryption failed or succeeded, 29even by timing variability. 30 31``cryptography`` does not provide an API that makes this possible, due to the 32fact that RSA decryption raises an exception on failure, which takes a 33different amount of time than returning a value in the success case. 34 35For this reason, at present, we recommend not implementing online protocols 36that use RSA PKCS1 v1.5 decryption with ``cryptography`` -- independent of this 37limitation, such protocols generally have poor security properties due to their 38lack of forward security. 39 40If a constant time RSA PKCS1 v1.5 decryption API is truly required, you should 41contribute one to ``cryptography``. 42 43.. _`Memory wiping`: https://devblogs.microsoft.com/oldnewthing/?p=4223 44.. _`CERT secure coding guidelines`: https://wiki.sei.cmu.edu/confluence/display/c/MEM03-C.+Clear+sensitive+information+stored+in+reusable+resources 45