
Python - Releasing/replacing a string variable, how does it get handled?

Say I store a password in plain text in a variable called passWd as a string. How does Python release this variable once I discard it (for instance, with del passWd or passWd = 'new random data')?

Is the string stored as a byte array, meaning it can be overwritten in the memory location where it originally existed, or is it a fixed set in a memory area which can't be modified, and therefore when assigning a new value a new memory area is created and the old area is discarded but not overwritten by null?

I'm questioning how Python implements the safety of memory areas and would like to know more about it, mainly because I'm curious :)

From what I've gathered so far, using del (or __del__) causes the interpreter to not release memory areas of that variable automatically, which can cause issues, and also I'm not sure that del is so thorough in deleting the values. But that's just from what I've gathered and not something in black or white :)

The main reason for me asking is that I'm intending to write a hand-over application that gets a string, does some I/O, and passes it along to another subsystem (a bootloader for Raspberry Pi, for instance), and the interface is written in Python (how odd that must sound in some people's ears...). I'm not worried that the data is compromised during the I/O calculations, but that a memory dump might be occurring in between the two subsystem handovers, or if the system is frozen (say a hibernation) say 20 min after the system is booted and I removed the variable as fast as I could, but somehow it's still in the memory despite me doing a del passWd :)

(P.S. I've asked on Superuser, they referred me here, and I'm sorry for poor grammar!)

Torxed asked Nov 03 '22 00:11


1 Answer

Unless you use custom coded input methods to get the password, it will be in many more places than just your immutable string. So don't worry too much.

The OS should take care that any data from your process is cleared before the memory is allocated to another process. This may of course fail if the page is copied to disk (swapped out or hibernated).

Secure password entry is not easy. Maybe you can find a special library or module that handles this.

Ber answered Nov 15 '22 06:11
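
An added example, not part of the original question or answer, showing in CPython what the thread discusses: rebinding or del on a str only drops a reference and overwrites nothing, while a bytearray can be zeroed in place, and any immutable copy made from it is untouched by the wipe. The names wipe, secret_buffer and SAMPLE are hypothetical, and the secret is a constructed sample value.

```python
from contextlib import contextmanager

SAMPLE = b"hunter2-constructed"  # constructed sample secret, not a real credential

def wipe(buf: bytearray) -> None:
    """Overwrite every byte in place; item assignment never reallocates."""
    for i in range(len(buf)):
        buf[i] = 0

@contextmanager
def secret_buffer(data: bytes):
    """Hold a secret in a mutable buffer and zero it on exit, even on error."""
    buf = bytearray(data)  # `data` is a separate copy that this code cannot wipe
    try:
        yield buf
    finally:
        wipe(buf)

def str_is_replaced_not_overwritten() -> str:
    """Rebinding a name leaves the old str object untouched."""
    pass_wd = SAMPLE.decode()
    alias = pass_wd               # second reference to the same object
    pass_wd = "new random data"   # new object; the old one is not modified
    del pass_wd                   # only removes the name, nothing is zeroed
    return alias                  # still the original text

def wipe_is_in_place() -> bytes:
    """A memoryview shares the bytearray's memory, so it sees the zeros."""
    with secret_buffer(SAMPLE) as buf:
        view = memoryview(buf)
    return bytes(view)

def copies_survive():
    """Any str/bytes copy made from the buffer outlives the wipe."""
    with secret_buffer(SAMPLE) as buf:
        leaked = buf.decode()     # immutable copy, e.g. made for an API call
    return leaked, bytes(buf)

if __name__ == "__main__":
    print(str_is_replaced_not_overwritten())
    print(wipe_is_in_place())
    print(copies_survive())
```

The wipe only covers the one buffer it is given; the input path, encodings and I/O layers the answer mentions can each hold their own copy.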