Created on 2012-05-29 16:36 by Jon.Oberheide, last changed 2022-04-11 14:57 by admin. This issue is now closed.
| Files | | |
|---|---|---|
| File name | Uploaded | Description |
| secure-compare-fix-v1.patch | Jon.Oberheide, 2012-05-29 16:36 | |
| secure-compare-fix-v2.patch | Jon.Oberheide, 2012-06-02 17:56 | |
| Messages (9) | |||
|---|---|---|---|
| msg161898 | Author: Jon Oberheide (Jon.Oberheide) | Date: 2012-05-29 16:36 | |
Hi all, I was informed that the hmac.secure_compare() function added in 14532 is not time-independent when processing unicode values: "The function as given is probably not timing independent if the attacker can provide unicode values. This is because (in CPython at least) all integer values in the range [-5, 256] inclusive are made singletons to avoid the performance hit of integer object creation, meaning that as long as (x ^ y) < 257, no integer object is created and the function appears constant time. When that assumption is violated, you get a timing delta that is actually fairly large compared to the delta for a single character compare." One way to work around this issue is to perform strict 8-bit byte comparisons by converting any string type parameters to bytes via a utf-8 encode. The attached patch does this. Regards, Jon Oberheide |
|||
| msg161966 | Author: STINNER Victor (vstinner) * (Python committer) | Date: 2012-05-30 20:10 | |
I'm not sure that encoding to UTF-8 is time independent. You may try UTF-32-LE or unicode-internal? |
|||
| msg162159 | Author: Jon Oberheide (Jon.Oberheide) | Date: 2012-06-02 17:56 | |
Thanks for the feedback, haypo. I've updated the patch to use unicode-internal. As long as the encode() of the expected non-attacker-controlled digest is not dependent on the actual contents of the digest, we should be good. |
|||
| msg162737 | Author: Christian Heimes (christian.heimes) * (Python committer) | Date: 2012-06-13 22:39 | |
The second patch looks fine. |
|||
| msg162771 | Author: Antoine Pitrou (pitrou) * (Python committer) | Date: 2012-06-14 11:01 | |
With PEP 393 unicode objects can have several representations, which makes it unlikely that *really* constant-timing functions can be devised. However, a C version could provide some guarantees, by raising an error if the passed unicode strings use a different representation from each other. |
|||
| msg162889 | Author: Alyssa Coghlan (ncoghlan) * (Python committer) | Date: 2012-06-15 12:06 | |
As a result of the discussions on #15061, I removed unicode comparison support altogether in f36af3766a20 (updating the warning on the hexdigest() method accordingly). Are folks happy to close this issue on that basis? (I'll raise the question of a separate C implementation on the other issue) |
|||
| msg162915 | Author: Jon Oberheide (Jon.Oberheide) | Date: 2012-06-15 16:12 | |
Sounds good to me, Nick. |
|||
| msg163169 | Author: Christian Heimes (christian.heimes) * (Python committer) | Date: 2012-06-19 14:28 | |
Nick has pushed a patch in rf36af3766a20 that disables the comparison of unicode strings. See #15061 |
|||
| msg172264 | Author: Christian Heimes (christian.heimes) * (Python committer) | Date: 2012-10-06 23:34 | |
Python 3.3 contains a secure and working implementation for bytes. unicode isn't supported unless both sides contain ASCII text only. |
|||
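The outcome of the thread, as an added example that is not code from the issue, the attached patches, or CPython: it checks the `(x ^ y) < 257` bound quoted in msg161898 for bytes and for str inputs, then shows which argument types the released comparison accepts. It assumes Python 3.3 or later, where the function discussed here ships as `hmac.compare_digest`; the helper names, key and message are constructed for illustration.

```python
import hashlib
import hmac

def xor_within_cached_ints(a, b):
    """True if every per-position XOR is < 257, the bound quoted in msg161898.

    Accepts two str or two bytes values; iterating bytes yields ints 0..255.
    """
    xs = a if isinstance(a, bytes) else [ord(c) for c in a]
    ys = b if isinstance(b, bytes) else [ord(c) for c in b]
    return all((x ^ y) < 257 for x, y in zip(xs, ys))

def compare_or_reject(a, b):
    """Call hmac.compare_digest and report a TypeError as the string 'rejected'."""
    try:
        return hmac.compare_digest(a, b)
    except TypeError:
        # Raised for non-ASCII str and for mixed str/bytes arguments.
        return "rejected"

def verify_tag(key, message, presented_hex):
    """Check a hex-encoded HMAC-SHA256 tag by comparing raw bytes only."""
    expected = hmac.new(key, message, hashlib.sha256).digest()
    try:
        presented = bytes.fromhex(presented_hex)
    except (TypeError, ValueError):
        return False  # not hex at all, so it cannot be a valid tag
    return hmac.compare_digest(expected, presented)

# Constructed sample values (hypothetical, not from the issue).
KEY = b"constructed-demo-key"
MSG = b"amount=100&to=alice"
GOOD = hmac.new(KEY, MSG, hashlib.sha256).hexdigest()

if __name__ == "__main__":
    # bytes: the XOR of two octets can never exceed 255
    print(xor_within_cached_ints(b"\x00\xff", b"\xff\x00"))
    # str: code points above 255 push the XOR past the bound
    print(xor_within_cached_ints("a\u20ac", "a\u0001"))
    print(compare_or_reject("abc", "abc"))            # ASCII str on both sides
    print(compare_or_reject("caf\u00e9", "caf\u00e9"))  # non-ASCII str
    print(compare_or_reject("abc", b"abc"))           # mixed types
    print(verify_tag(KEY, MSG, GOOD), verify_tag(KEY, MSG, "00" * 32))
```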
| History | |||
|---|---|---|---|
| Date | User | Action | Args |
| 2022-04-11 14:57:31 | admin | set | github: 59160 |
| 2012-10-06 23:34:12 | christian.heimes | set | status: open -> closed; resolution: fixed; messages: + msg172264; stage: resolved |
| 2012-06-19 14:28:38 | christian.heimes | set | dependencies: + hmac.secure_compare() leaks information about length of strings; messages: + msg163169 |
| 2012-06-15 16:12:05 | Jon.Oberheide | set | messages: + msg162915 |
| 2012-06-15 12:06:34 | ncoghlan | set | nosy: + ncoghlan; messages: + msg162889 |
| 2012-06-14 11:07:45 | hynek | set | nosy: + hynek |
| 2012-06-14 11:01:49 | pitrou | set | nosy: + pitrou; messages: + msg162771 |
| 2012-06-13 22:39:29 | christian.heimes | set | nosy: + christian.heimes; messages: + msg162737 |
| 2012-06-02 17:56:34 | Jon.Oberheide | set | files: + secure-compare-fix-v2.patch; messages: + msg162159 |
| 2012-05-30 20:10:20 | vstinner | set | nosy: + vstinner; messages: + msg161966 |
| 2012-05-29 16:36:51 | Jon.Oberheide | create | |