Author loewis
Recipients arigo, christian.heimes, fijall, hynek, loewis, ncoghlan, pitrou
Date 2012-06-15.07:38:48
Message-id <4FDAE687.4000104@v.loewis.de>
In-reply-to <F432E3FD-4D58-4535-90B9-A3B6C4B978E5@ox.cx>
Content
> Well, one example:
> https://github.com/mitsuhiko/python-pbkdf2/blob/master/pbkdf2.py 

It says that it needs that, but I fail to understand why.
pbkdf2 is used to generate encryption keys from passwords, where
you don't need to compare strings at all. Instead, you derive a
key from the password, and use the key e.g. for AES encryption.

If you use pbkdf2 for password hashing, then you do need a comparison
function, but it's irrelevant whether that is time-independent. If an
attacker was able to determine that his hash brings him close to the
actual hash, this is no gain in cracking - since similar hashes do
not at all mean that the passwords are similar.

> and any other place that compares passwords, tokens, …

No no no. Any sensible place to compare passwords would use some
sort of one-way function (password hash) before the comparison,
so that someone breaking into the machine will not gain the clear
text passwords. As a side effect, timing attacks become futile,
since hash functions provide confusion and diffusion, so if a
timing attack detects that it found a key that hashes similarly to
the real key, that doesn't get it any closer to revealing the
real key.
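
The diffusion property this message relies on can be measured directly. The following is an added example, not part of the original message or of the linked pbkdf2.py: it derives PBKDF2-HMAC-SHA256 digests for near-identical passwords and reports how many leading bytes they share (the quantity an early-exit comparison's running time depends on) and how many bits differ. The salt, iteration count and passwords are constructed sample values.

```python
import hashlib

# Constructed sample values (assumptions, not from the original message).
SALT = b"constructed-salt"
ITERATIONS = 1000  # kept low so the example runs quickly
STORED_PASSWORD = "correct horse battery staple"
GUESSES = [
    "correct horse battery stapla",   # last character differs
    "Correct horse battery staple",   # first character differs
    "correct horse battery staple ",  # one extra character
    "xyzzy",                          # unrelated password
]


def derive(password: str) -> bytes:
    """Return the 32-byte PBKDF2-HMAC-SHA256 digest of a password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, ITERATIONS)


def common_prefix_len(a: bytes, b: bytes) -> int:
    """Count the leading bytes that are equal in a and b."""
    n = 0
    for x, y in zip(a, b):
        if x != y:
            break
        n += 1
    return n


def bit_distance(a: bytes, b: bytes) -> int:
    """Hamming distance in bits between two equal-length digests."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def compare_guesses():
    """Return (guess, shared leading bytes, differing bits) per guess."""
    stored = derive(STORED_PASSWORD)
    rows = []
    for guess in GUESSES:
        digest = derive(guess)
        rows.append((guess, common_prefix_len(stored, digest),
                     bit_distance(stored, digest)))
    return rows


if __name__ == "__main__":
    for guess, prefix, bits in compare_guesses():
        print(f"{guess!r:34} shared prefix: {prefix} bytes, "
              f"differing bits: {bits}/256")
```

The measurement covers hashed passwords only. Values compared directly, such as the tokens mentioned in the quoted text, do not pass through a one-way function first and are outside what it shows.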
History
Date User Action Args
2012-06-15 07:38:49  loewis  set  recipients: + loewis, arigo, ncoghlan, pitrou, christian.heimes, fijall, hynek
2012-06-15 07:38:48  loewis  link  issue15061 messages
2012-06-15 07:38:48  loewis  create