
Author ncoghlan
Recipients Jon.Oberheide, ncoghlan, neologix, pitrou, python-dev, r.david.murray, sbt, vstinner
Date 2012-06-10.15:16:24
Message-id <1339341385.6.0.0171386457531.issue14532@psf.upfronthosting.co.za>
Content
A comment above the length check referring back to this issue and the deliberate decision to allow a timing attack to determine the length of the expected digest would be handy.

I was just looking at hmac.secure_compare and my thought when reading the source and the docstring was "No, it's not time-independent, you can still use a timing attack to figure out the expected digest length".
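
The trade-off the message describes, as an added example that is not part of the original message and is not the CPython source: a comparison that returns early on a length mismatch but otherwise examines every byte. The names `length_checked_compare` and `demo`, the step counter, and the key are constructed for illustration; the counter stands in for elapsed time so the effect is deterministic.

```python
import hashlib
import hmac


def length_checked_compare(a: bytes, b: bytes):
    """Return (equal, bytes_examined) for a compare with an up-front length check."""
    # Deliberate trade-off: returning early here lets a timing observer
    # learn the length of the expected digest, but nothing about its
    # contents. This is the kind of comment the message asks for.
    if len(a) != len(b):
        return False, 0
    diff = 0
    examined = 0
    for x, y in zip(a, b):
        diff |= x ^ y  # accumulate differences, never break out early
        examined += 1
    return diff == 0, examined


def demo():
    key = b"constructed-demo-key"  # constructed sample value
    expected = hmac.new(key, b"message", hashlib.sha256).digest()
    wrong_first = bytes([expected[0] ^ 1]) + expected[1:]
    wrong_last = expected[:-1] + bytes([expected[-1] ^ 1])
    short = expected[:16]
    return {
        # Same length: all 32 bytes are examined wherever the mismatch is.
        "match": length_checked_compare(expected, expected),
        "wrong_first": length_checked_compare(expected, wrong_first),
        "wrong_last": length_checked_compare(expected, wrong_last),
        # Different length: no bytes are examined, so the work done differs.
        "short": length_checked_compare(expected, short),
        # The standard library comparison also rejects the short input.
        "stdlib_short": hmac.compare_digest(expected, short),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```
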
History
Date User Action Args
2012-06-10 15:16:25 ncoghlan set recipients: + ncoghlan, pitrou, vstinner, r.david.murray, neologix, python-dev, sbt, Jon.Oberheide
2012-06-10 15:16:25 ncoghlan set messageid: <1339341385.6.0.0171386457531.issue14532@psf.upfronthosting.co.za>
2012-06-10 15:16:25 ncoghlan link issue14532 messages
2012-06-10 15:16:24 ncoghlan create