[issue14532] multiprocessing module performs a time-dependent hmac comparison
Jon Oberheide
report at bugs.python.org
Thu Apr 12 16:18:10 CEST 2012
Jon Oberheide <jon at oberheide.org> added the comment:
> You could rewrite:
>
> result |= x ^ y
>
> as:
>
> result |= (x != y)
You could, but it's best not to introduce any conditional branching based if at all possible. For reference, see:
http://rdist.root.org/2009/05/28/timing-attack-in-google-keyczar-library/#comment-5783
----------
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue14532>
_______________________________________
More information about the Python-bugs-list
mailing list