[issue15061] hmac.secure_compare() leaks information about length of strings

Nick Coghlan report at bugs.python.org
Fri Jun 15 10:42:19 CEST 2012


Nick Coghlan <ncoghlan at gmail.com> added the comment:

FWIW, Petri's example also explains why leaking the expected length of the string is considered an acceptable optimisation in most reimplementations of this signature check comparison: the attacker is assumed to already know the expected length of the signature, because it's part of a documented protocol or API.

However, I think it's more reasonable for a standard library implementation to omit that optimisation by default.

----------

_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue15061>
_______________________________________
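To make the trade-off in the comment above concrete, here is an added example (not code from the issue or from CPython) contrasting a comparison that short-circuits on a length mismatch with one that does the same amount of work either way. Each function also returns how many byte iterations it performed, so the leak can be observed deterministically instead of by timing; `verify_tag` is a hypothetical HMAC check built on the length-hiding variant.

```python
import hashlib
import hmac
from typing import Tuple


def leaking_compare(a: bytes, b: bytes) -> Tuple[bool, int]:
    """Constant-time over the bytes, but exits early when lengths differ.

    This is the 'optimisation' the comment describes: a caller timing the
    call learns whether len(b) == len(a) because no loop work is done.
    Returns (equal, iterations_performed).
    """
    if len(a) != len(b):
        return False, 0  # early exit: zero iterations reveal the mismatch
    acc = 0
    for x, y in zip(a, b):
        acc |= x ^ y  # accumulate differences, never break early
    return acc == 0, len(a)


def length_hiding_compare(a: bytes, b: bytes) -> Tuple[bool, int]:
    """Same work regardless of whether len(a) == len(b).

    When the lengths differ, the loop still walks all of `a` (comparing it
    against itself) and the mismatch is folded into the accumulator, so the
    iteration count depends only on `a`. Pass the expected (server-side)
    value as `a` so the work done never depends on the caller's input.
    Returns (equal, iterations_performed).
    """
    lengths_differ = len(a) != len(b)
    other = a if lengths_differ else b
    acc = int(lengths_differ)  # nonzero from the start if lengths differ
    for x, y in zip(a, other):
        acc |= x ^ y
    return acc == 0, len(a)


def verify_tag(key: bytes, message: bytes, tag: bytes) -> bool:
    """Hypothetical signature check: recompute the HMAC-SHA256 tag and
    compare it with the length-hiding routine, expected value first."""
    expected = hmac.new(key, message, hashlib.sha256).digest()
    equal, _ = length_hiding_compare(expected, tag)
    return equal
```

In practice the standard library's `hmac.compare_digest` is the function to call; the routines above only exist to show what "omitting the optimisation" means.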