[issue14532] multiprocessing module performs a time-dependent hmac comparison
Jon Oberheide
report at bugs.python.org
Thu Apr 12 15:59:59 CEST 2012
Jon Oberheide <jon at oberheide.org> added the comment:
> This is not time independent. Is it an issue?
You're correct, the length check does leak the length of the expected digest as a performance enhancement (otherwise, your comparison runtime is bounded by the length of the attackers input).
Generally, exposing the length and thereby potentially the underlying cryptographic hash function (eg. 20 bytes -> hmac-sha1) is not considered a security risk for this type of scenario, whereas leaking key material certainly is. I considered including this nuance in the documentation and probably should.
> It's better to write isinstance(a, bytes). You should raise a
> TypeError if a is not a bytes or str.
Ack, thanks.
----------
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue14532>
_______________________________________
More information about the Python-bugs-list
mailing list