Author Jon.Oberheide
Recipients Jon.Oberheide
Date 2012-04-08.20:27:42
Message-id <1333916863.07.0.388274376094.issue14532@psf.upfronthosting.co.za>
Content
The multiprocessing module performs a time-dependent comparison of the HMAC digest used for authentication:

def deliver_challenge(connection, authkey):
    import hmac
    assert isinstance(authkey, bytes)
    message = os.urandom(MESSAGE_LENGTH)
    connection.send_bytes(CHALLENGE + message)
    digest = hmac.new(authkey, message).digest()
    response = connection.recv_bytes(256)        # reject large message
    if response == digest:
        connection.send_bytes(WELCOME)
    else:
        connection.send_bytes(FAILURE)
        raise AuthenticationError('digest received was wrong')

This comparison should be made time-independent so as not to leak information about the expected digest and allow an attacker to derive the full digest.

More info on such timing attacks:

http://rdist.root.org/2009/05/28/timing-attack-in-google-keyczar-library/
http://rdist.root.org/2010/07/19/exploiting-remote-timing-attacks/
History
Date User Action Args
2012-04-08 20:27:43 Jon.Oberheide set recipients: + Jon.Oberheide
2012-04-08 20:27:43 Jon.Oberheide set messageid: <1333916863.07.0.388274376094.issue14532@psf.upfronthosting.co.za>
2012-04-08 20:27:42 Jon.Oberheide link issue14532 messages
2012-04-08 20:27:42 Jon.Oberheide create
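
The time-independent comparison the report asks for, as an added example that is not part of the original message or the project's own code: the same handshake with the standard library's hmac.compare_digest in place of ==. The constant values, the SHA-256 digestmod, LoopbackPeer and handshake_result are assumptions of this example.

```python
import hmac
import os

# Assumed values for this example; the snippet above does not show them.
MESSAGE_LENGTH = 20
CHALLENGE, WELCOME, FAILURE = b'#CHALLENGE#', b'#WELCOME#', b'#FAILURE#'


class AuthenticationError(Exception):
    pass


def deliver_challenge(connection, authkey):
    assert isinstance(authkey, bytes)
    message = os.urandom(MESSAGE_LENGTH)
    connection.send_bytes(CHALLENGE + message)
    # digestmod is required on Python 3.8+; SHA-256 is this example's choice.
    digest = hmac.new(authkey, message, 'sha256').digest()
    response = connection.recv_bytes(256)        # reject large message
    # compare_digest does not short-circuit on the first differing byte,
    # and returns False (no exception) when the lengths differ.
    if hmac.compare_digest(response, digest):
        connection.send_bytes(WELCOME)
    else:
        connection.send_bytes(FAILURE)
        raise AuthenticationError('digest received was wrong')


class LoopbackPeer:
    """Hypothetical in-memory stand-in for a Connection, for offline runs."""

    def __init__(self, authkey, truncate=None):
        self.authkey, self.truncate, self.sent = authkey, truncate, []

    def send_bytes(self, data):
        self.sent.append(data)

    def recv_bytes(self, maxlength):
        # Answer the challenge the server just sent; optionally cut it short.
        challenge = self.sent[0][len(CHALLENGE):]
        return hmac.new(self.authkey, challenge, 'sha256').digest()[:self.truncate]


def handshake_result(server_key, client_key, truncate=None):
    """Run one handshake and return the final message the server sent."""
    peer = LoopbackPeer(client_key, truncate)
    try:
        deliver_challenge(peer, server_key)
    except AuthenticationError:
        pass
    return peer.sent[-1]
```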