Doc/library/hmac.rst - Issue 14532: multiprocessing module performs a time-dependent hmac comparison

Side by Side Diff

Use n/p to move between diff chunks; N/P to move between comments. Please Sign in to add in-line comments.

Keyboard Shortcuts

	File
u :	up to issue
m :	publish + mail comments
M :	edit review message
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line
<Enter> :	respond to / edit current comment

	Issue
u :	up to list of issues
m :	publish + mail comments
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue
# :	close issue

	Comment/message editing
<Ctrl> + s :	save comment
<Esc> :	cancel edit

Side by Side Diff: Doc/library/hmac.rst

Issue 14532: multiprocessing module performs a time-dependent hmac comparison

Patch Set: Created 1 year, 1 month ago

Left:
Right:

Use n/p to move between diff chunks; N/P to move between comments. Please Sign in to add in-line comments.

Jump to:

View unified diff | Download patch

OLD	NEW
1 :mod:`hmac` --- Keyed-Hashing for Message Authentication	1 :mod:`hmac` --- Keyed-Hashing for Message Authentication

2 ========================================================	2 ========================================================

3	3

4 .. module:: hmac	4 .. module:: hmac

5 :synopsis: Keyed-Hashing for Message Authentication (HMAC) implementation	5 :synopsis: Keyed-Hashing for Message Authentication (HMAC) implementation

6 for Python.	6 for Python.

7 .. moduleauthor:: Gerhard Häring <ghaering@users.sourceforge.net>	7 .. moduleauthor:: Gerhard Häring <ghaering@users.sourceforge.net>

8 .. sectionauthor:: Gerhard Häring <ghaering@users.sourceforge.net>	8 .. sectionauthor:: Gerhard Häring <ghaering@users.sourceforge.net>

9	9

10 Source code: :source:`Lib/hmac.py`	10 Source code: :source:`Lib/hmac.py`

(...skipping 19 matching lines...) Expand all Loading...
30 equivalent to a single call with the concatenation of all the arguments:	30 equivalent to a single call with the concatenation of all the arguments:

31 ``m.update(a); m.update(b)`` is equivalent to ``m.update(a + b)``.	31 ``m.update(a); m.update(b)`` is equivalent to ``m.update(a + b)``.

32	32

33	33

34 .. method:: HMAC.digest()	34 .. method:: HMAC.digest()

35	35

36 Return the digest of the bytes passed to the :meth:`update` method so far.	36 Return the digest of the bytes passed to the :meth:`update` method so far.

37 This bytes object will be the same length as the digest_size of the digest	37 This bytes object will be the same length as the digest_size of the digest

38 given to the constructor. It may contain non-ASCII bytes, including NUL	38 given to the constructor. It may contain non-ASCII bytes, including NUL

39 bytes.	39 bytes.

	40

	41 .. warning::

	42

	43 When comparing the output of :meth:`digest` to an externally-supplied

	44 digest during a verification routine, it is recommended to use the

	45 :func:`hmac.secure_compare` function instead of the ``==`` operator

	46 to avoid potential timing attacks.

40	47

41	48

42 .. method:: HMAC.hexdigest()	49 .. method:: HMAC.hexdigest()

43	50

44 Like :meth:`digest` except the digest is returned as a string twice the	51 Like :meth:`digest` except the digest is returned as a string twice the

45 length containing only hexadecimal digits. This may be used to exchange the	52 length containing only hexadecimal digits. This may be used to exchange the

46 value safely in email or other non-binary environments.	53 value safely in email or other non-binary environments.

	54

	55 .. warning::

	56

	57 When comparing the output of :meth:`hexdigest` to an externally-supplied

	58 digest during a verification routine, it is recommended to use the

	59 :func:`hmac.secure_compare` function instead of the ``==`` operator

	60 to avoid potential timing attacks.

47	61

48	62

49 .. method:: HMAC.copy()	63 .. method:: HMAC.copy()

50	64

51 Return a copy ("clone") of the hmac object. This can be used to efficiently	65 Return a copy ("clone") of the hmac object. This can be used to efficiently

52 compute the digests of strings that share a common initial substring.	66 compute the digests of strings that share a common initial substring.

	67

	68

	69 This module also provides the following helper function:

	70

	71 .. function:: secure_compare(a, b)

	72

	73 Returns the equivalent of ``a == b``, but using a time-independent

	74 comparison method. Comparing the full lengths of the inputs a and b,

	75 instead of short-circuiting the comparison upon the first unequal byte,

	76 prevents leaking information about the inputs being compared and mitigates

	77 potential timing attacks. The inputs must be either :class:`str` or

	78 :class:`bytes` instances.

	79

	80 .. note::

	81

	82 While the :func:`hmac.secure_compare` function prevents leaking the

	83 contents of the inputs via a timing attack, it does leak the length

	84 of the inputs. However, this generally is not a security risk.

53	85

54	86

55 .. seealso::	87 .. seealso::

56	88

57 Module :mod:`hashlib`	89 Module :mod:`hashlib`

58 The Python module providing secure hash functions.	90 The Python module providing secure hash functions.

OLD	NEW

« no previous file with comments | « no previous file | Lib/hmac.py » ('j') | no next file with comments »