Message158129
| Author |
Jon.Oberheide |
| Recipients |
Jon.Oberheide, neologix, r.david.murray, sbt, vstinner |
| Date |
2012年04月12日.13:59:58 |
| SpamBayes Score |
-1.0 |
| Marked as misclassified |
Yes |
| Message-id |
<1334239199.12.0.829921984475.issue14532@psf.upfronthosting.co.za> |
| In-reply-to |
| Content |
> This is not time independent. Is it an issue?
You're correct, the length check does leak the length of the expected digest as a performance enhancement (otherwise, your comparison runtime is bounded by the length of the attackers input).
Generally, exposing the length and thereby potentially the underlying cryptographic hash function (eg. 20 bytes -> hmac-sha1) is not considered a security risk for this type of scenario, whereas leaking key material certainly is. I considered including this nuance in the documentation and probably should.
> It's better to write isinstance(a, bytes). You should raise a
> TypeError if a is not a bytes or str.
Ack, thanks. |
|
History
|
|---|
| Date |
User |
Action |
Args |
| 2012年04月12日 13:59:59 | Jon.Oberheide | set | recipients:
+ Jon.Oberheide, vstinner, r.david.murray, neologix, sbt |
| 2012年04月12日 13:59:59 | Jon.Oberheide | set | messageid: <1334239199.12.0.829921984475.issue14532@psf.upfronthosting.co.za> |
| 2012年04月12日 13:59:58 | Jon.Oberheide | link | issue14532 messages |
| 2012年04月12日 13:59:58 | Jon.Oberheide | create |
|