Message157809
The multiprocessing module performs a time-dependent comparison of the HMAC digest used for authentication:
    def deliver_challenge(connection, authkey):
        import hmac
        assert isinstance(authkey, bytes)
        message = os.urandom(MESSAGE_LENGTH)
        connection.send_bytes(CHALLENGE + message)
        digest = hmac.new(authkey, message).digest()
        response = connection.recv_bytes(256)        # reject large message
        if response == digest:
            connection.send_bytes(WELCOME)
        else:
            connection.send_bytes(FAILURE)
            raise AuthenticationError('digest received was wrong')
This comparison should be made time-independent so as not to leak information about the expected digest and allow an attacker to derive the full digest.
More info on such timing attacks:
http://rdist.root.org/2009/05/28/timing-attack-in-google-keyczar-library/
http://rdist.root.org/2010/07/19/exploiting-remote-timing-attacks/
Date | User | Action | Args
2012-04-08 20:27:43 | Jon.Oberheide | set | recipients: + Jon.Oberheide
2012-04-08 20:27:43 | Jon.Oberheide | set | messageid: <1333916863.07.0.388274376094.issue14532@psf.upfronthosting.co.za>
2012-04-08 20:27:42 | Jon.Oberheide | link | issue14532 messages
2012-04-08 20:27:42 | Jon.Oberheide | create |
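The difference between the two comparison styles discussed in the message above, as an added example that is not part of the original message or of the multiprocessing source. It models the short-circuiting comparison by counting bytes examined, and shows the check rewritten with `hmac.compare_digest` (standard library, Python 3.3 and later). The function names, the key and challenge values and the SHA-256 digest choice are assumptions of this example.

```python
import hmac

def early_exit_compare(expected: bytes, response: bytes):
    """Model of `response == digest`: stop at the first differing byte.
    Returns (equal, bytes_examined) so the data-dependent work is visible."""
    if len(expected) != len(response):
        return False, 0
    for i, (e, r) in enumerate(zip(expected, response)):
        if e != r:
            return False, i + 1
    return True, len(expected)

def full_scan_compare(expected: bytes, response: bytes):
    """Time-independent shape: fold every byte difference into one value,
    so the work done is the same wherever the first mismatch sits."""
    if len(expected) != len(response):
        return False, 0
    diff = 0
    for e, r in zip(expected, response):
        diff |= e ^ r
    return diff == 0, len(expected)

def check_response(authkey: bytes, message: bytes, response: bytes) -> bool:
    """Hardened form of the check in deliver_challenge (hypothetical helper)."""
    # sha256 is this example's choice; the quoted code used hmac's default.
    digest = hmac.new(authkey, message, "sha256").digest()
    # compare_digest is the library's own constant-time comparison.
    return hmac.compare_digest(response, digest)

def wrong_at(digest: bytes, index: int) -> bytes:
    """Constructed sample input: a copy of digest with one byte flipped."""
    return digest[:index] + bytes([digest[index] ^ 0xFF]) + digest[index + 1:]

if __name__ == "__main__":
    # Constructed key and challenge, for illustration only.
    key, msg = b"constructed-authkey", b"constructed-challenge"
    digest = hmac.new(key, msg, "sha256").digest()
    for index in (0, 5, 31):
        bad = wrong_at(digest, index)
        print(index, early_exit_compare(digest, bad),
              full_scan_compare(digest, bad), check_response(key, msg, bad))
    print("valid response accepted:", check_response(key, msg, digest))
```

The pure-Python `full_scan_compare` only illustrates the shape of the loop; in real code use `hmac.compare_digest`, as `check_response` does.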