Message162853
> Well, one example:
> https://github.com/mitsuhiko/python-pbkdf2/blob/master/pbkdf2.py
It says that it needs that, but I fail to understand why.
pbkdf2 is used to generate encryption keys from passwords, where
you don't need to compare strings at all. Instead, you derive a
key from the password, and use the key e.g. for AES encryption.
If you use pbkdf2 for password hashing, then you do need a comparison
function, but it's irrelevant whether that is time-independent. If an
attacker was able to determine that his hash brings him close to the
actual hash, this is no gain in cracking - since similar hashes do
not at all mean that the passwords are similar.
> and any other place that compares passwords, tokens, …
No no no. Any sensible place to compare passwords would use some
sort of one-way function (password hash) before the comparison,
so that someone breaking into the machine will not gain the clear
text passwords. As a side effect, timing attacks become futile,
since hash functions provide confusion and diffusion, so if a
timing attack detects that it found a key that hashes similar to
the real key, that doesn't get it any closer to revealing the
real key.
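The password-hashing flow discussed in this message (derive a digest with PBKDF2, store it, recompute and compare on login), as an added Python example that is not part of the tracker thread or of the linked pbkdf2.py; the iteration count, the fixed salt and the sample passwords are constructed for the demonstration. It also measures how many digest bits change when the password differs by a single character.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

ITERATIONS = 100_000  # assumed work factor for this example


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Derive a 32-byte PBKDF2-HMAC-SHA256 digest; returns (salt, digest)."""
    if salt is None:
        salt = os.urandom(16)  # fresh random salt per stored password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, stored: bytes) -> bool:
    """Recompute the digest for the candidate password and compare it
    to the stored one; hmac.compare_digest is the stdlib comparison
    whose running time does not depend on where the inputs differ."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, stored)


def hamming_distance(a: bytes, b: bytes) -> int:
    """Number of differing bits between two equal-length byte strings."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def demo() -> dict:
    # Constructed sample: a fixed salt so the run is reproducible.
    salt = bytes(range(16))
    _, real = hash_password("correct horse", salt)
    _, near = hash_password("correct horsf", salt)  # one character off
    return {
        "verify_ok": verify_password("correct horse", salt, real),
        "verify_bad": verify_password("correct horsf", salt, real),
        # Roughly half of the 256 digest bits differ, as for any
        # unrelated password: the digests carry no closeness signal.
        "bits_differ": hamming_distance(real, near),
    }


if __name__ == "__main__":
    print(demo())
```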
Date | User | Action | Args
2012-06-15 07:38:49 | loewis | set | recipients: + loewis, arigo, ncoghlan, pitrou, christian.heimes, fijall, hynek
2012-06-15 07:38:48 | loewis | link | issue15061 messages
2012-06-15 07:38:48 | loewis | create |