This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author hynek
Recipients arigo, christian.heimes, fijall, hynek, loewis, ncoghlan, pitrou
Date 2012-06-15.06:19:44
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <95A3CDBD-3E66-42F9-B6E4-0790BA20606C@ox.cx>
In-reply-to <1339724244.24.0.948516476868.issue15061@psf.upfronthosting.co.za>
Content
> "Secure" vs "not secure" is not a binary state - it's about making attacks progressively more difficult. Something that is secure against a casual script kiddie scatter gunning attacks on various sites with an automated script won't stand up to a systematic attack from a motivated attacker (also see the reporting on Flame and Stuxnet for what a *really* motivated and well resourced attacker can achieve).

The problem here is, that _if_ you add a "secure" to the name of a method, it becomes binary. At least in the minds of the users. I know you address that, but that's the main point here.

> Regardless, the target needs to be *improving the status quo*.
> 
> Being able to tell people "using hmac.total_compare will make you less vulnerable to timing attacks than using ordinary short circuiting comparisons" is a *good thing*. We just need to be careful not to oversell it as making you *immune* to timing attacks.

Why not write a C function which can be more secure than Python code? I would argue that would be an general asset for the stdlib, not just for HMAC (therefore, I'd put it elsewhere).
History
Date User Action Args
2012-06-15 06:19:45hyneksetrecipients: + hynek, loewis, arigo, ncoghlan, pitrou, christian.heimes, fijall
2012-06-15 06:19:44hyneklinkissue15061 messages
2012-06-15 06:19:44hynekcreate