[issue15061] hmac.secure_compare() leaks information about length of strings

Nick Coghlan report at bugs.python.org
Fri Jun 15 09:28:42 CEST 2012


Nick Coghlan <ncoghlan at gmail.com> added the comment:

Can people please stop raising a false dichotomy and using that as an excuse not to do anything?

The decision is not between "leak some information" and "leak no information". It is between "leak more information" and "leak less information".

The timing variations with standard comparison are relatively massive and relatively easy to analyse (if the time taken goes up, you got the previous digit correct).

With this comparison, they're far more subtle and require much greater analysis to figure out the significance of the timing changes. That reduces the pool of attackers to those capable of performing that analysis (or in possession of tools that will perform that analysis for them).

Yes, the docs and name are currently completely unacceptable. But scorched earth is not a good answer, because that just means people will fall back to using "==" which is *even worse* from a security point of view.

----------

_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue15061>
_______________________________________
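As an added illustration of the point argued in the comment above (not code from the tracker thread or from CPython itself): a short-circuiting comparison like `==` stops at the first mismatching byte, so its running time reveals how many leading bytes were correct, while an accumulate-then-compare loop runs for the full length regardless of where the mismatch is and only leaks the length. The `naive_equal`, `xor_equal` and `time_compare` names are this example's own; `hmac.compare_digest` is the standard-library function that eventually replaced the `secure_compare` name discussed in this issue.

```python
import hmac
import statistics
import time


def naive_equal(a: bytes, b: bytes) -> bool:
    """Byte-wise comparison that returns at the first mismatch (the == behaviour)."""
    if len(a) != len(b):
        return False
    for x, y in zip(a, b):
        if x != y:
            return False          # early exit: time depends on mismatch position
    return True


def xor_equal(a: bytes, b: bytes) -> bool:
    """Compare all bytes, folding differences into one accumulator.

    The loop body does the same work on every iteration, so the time depends on
    the length of the inputs, not on where (or whether) they differ.  Length is
    still revealed by the early return, which is the leak this issue is about.
    """
    if len(a) != len(b):
        return False
    acc = 0
    for x, y in zip(a, b):
        acc |= x ^ y
    return acc == 0


def stdlib_equal(a: bytes, b: bytes) -> bool:
    """The standard-library constant-time comparison (Python 3.3+)."""
    return hmac.compare_digest(a, b)


def time_compare(fn, a: bytes, b: bytes, rounds: int = 5000) -> float:
    """Median wall-clock nanoseconds for fn(a, b) over `rounds` calls."""
    samples = []
    for _ in range(rounds):
        t0 = time.perf_counter_ns()
        fn(a, b)
        samples.append(time.perf_counter_ns() - t0)
    return statistics.median(samples)


if __name__ == "__main__":
    # Constructed sample inputs: a 32-byte "expected" MAC and two wrong guesses,
    # one differing in the first byte and one differing only in the last byte.
    expected = bytes(range(32))
    wrong_first = bytes([0xFF]) + expected[1:]
    wrong_last = expected[:-1] + bytes([0xFF])

    for name, fn in (("naive_equal", naive_equal),
                     ("xor_equal", xor_equal),
                     ("hmac.compare_digest", stdlib_equal)):
        t_first = time_compare(fn, expected, wrong_first)
        t_last = time_compare(fn, expected, wrong_last)
        # For naive_equal the last-byte mismatch takes visibly longer than the
        # first-byte mismatch; for the other two the medians are close.
        print(f"{name:20s} mismatch@0: {t_first:7.0f} ns  mismatch@31: {t_last:7.0f} ns")
```

Run it a few times: the absolute numbers vary by machine, but `naive_equal` consistently shows a larger gap between the two cases than `xor_equal` or `hmac.compare_digest`. This is the "more information" versus "less information" distinction in the comment, and the reason a loop like `xor_equal` is preferable to `==` even though neither hides the length.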


More information about the Python-bugs-list mailing list