This is Rietveld cbc36f91f3f7
| --- a/Doc/library/hmac.rst Wed Apr 11 16:49:40 2012 -0400 |
| +++ b/Doc/library/hmac.rst Mon Apr 30 02:05:06 2012 -0400 |
| @@ -38,6 +38,13 @@ |
| given to the constructor. It may contain non-ASCII bytes, including NUL |
| bytes. |
| + .. warning:: |
| + |
| + When comparing the output of :meth:`digest` to an externally-supplied |
| + digest during a verification routine, it is recommended to use the |
| + :func:`hmac.secure_compare` function instead of the ``==`` operator |
| + to avoid potential timing attacks. |
| + |
| .. method:: HMAC.hexdigest() |
| @@ -45,6 +52,13 @@ |
| length containing only hexadecimal digits. This may be used to exchange the |
| value safely in email or other non-binary environments. |
| + .. warning:: |
| + |
| + When comparing the output of :meth:`hexdigest` to an externally-supplied |
| + digest during a verification routine, it is recommended to use the |
| + :func:`hmac.secure_compare` function instead of the ``==`` operator |
| + to avoid potential timing attacks. |
| + |
| .. method:: HMAC.copy() |
| @@ -52,6 +66,24 @@ |
| compute the digests of strings that share a common initial substring. |
| +This module also provides the following helper function: |
| + |
| +.. function:: secure_compare(a, b) |
| + |
| + Returns the equivalent of ``a == b``, but using a time-independent |
| + comparison method. Comparing the full lengths of the inputs *a* and *b*, |
| + instead of short-circuiting the comparison upon the first unequal byte, |
| + prevents leaking information about the inputs being compared and mitigates |
| + potential timing attacks. The inputs must be either :class:`str` or |
| + :class:`bytes` instances. |
| + |
| + .. note:: |
| + |
| + While the :func:`hmac.secure_compare` function prevents leaking the |
| + contents of the inputs via a timing attack, it does leak the length |
| + of the inputs. However, this generally is not a security risk. |
| + |
| + |
| .. seealso:: |
| Module :mod:`hashlib` |