Message162855
To repeat, the specific feature being proposed for retention is:
* a function called hmac.total_compare() that is clearly documented as being still vulnerable to timing analysis given a sufficiently sophisticated attacker, while still being more resistant to such analysis than the standard comparison operator
* restricting that function to operating on bytes, to eliminate timing variations associated with encoding/decoding of Unicode text and reduce those associated with the calculation of integer values
Leaking less information on each comparison is intended to increase the effectiveness of higher level timing attack countermeasures (such as rate limiting and lockouts). Anyone that would use "hmac.total_compare" and call it done is likely using ordinary comparison today (which is even worse).

| Date | User | Action | Args |
|---|---|---|---|
| 2012-06-15 07:41:41 | ncoghlan | set | recipients: + ncoghlan, loewis, arigo, pitrou, christian.heimes, fijall, hynek |
| 2012-06-15 07:41:41 | ncoghlan | set | messageid: <1339746101.2.0.168012572077.issue15061@psf.upfronthosting.co.za> |
| 2012-06-15 07:41:40 | ncoghlan | link | issue15061 messages |
| 2012-06-15 07:41:40 | ncoghlan | create | |
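
The proposal in the message above, sketched as an added example (not part of the original message and not CPython's code): a bytes-only comparison that examines every byte of equal-length inputs, placed behind a per-client lockout as the higher-level countermeasure. The `total_compare` body, the `TokenVerifier` class, and the `MAX_FAILURES` threshold are assumptions made for illustration.

```python
import hashlib
import hmac

MAX_FAILURES = 5  # assumed lockout threshold, chosen for the example


def total_compare(a, b):
    """Illustrative bytes-only comparison; inspects every byte pair.

    Still not immune to timing analysis: the length check returns early,
    and pure-Python integer work is not guaranteed constant-time.
    Production code should use the standard library's hmac.compare_digest.
    """
    if not isinstance(a, bytes) or not isinstance(b, bytes):
        # Refusing str avoids timing variation from encoding/decoding.
        raise TypeError("total_compare() accepts bytes only")
    if len(a) != len(b):
        return False  # leaks only that the lengths differ
    diff = 0
    for x, y in zip(a, b):
        diff |= x ^ y  # accumulate differences, no early exit on mismatch
    return diff == 0


class TokenVerifier:
    """Hypothetical MAC verifier that pairs the comparison with a lockout."""

    def __init__(self, key):
        self._key = key
        self._failures = {}  # client id -> consecutive failed attempts

    def sign(self, message):
        return hmac.new(self._key, message, hashlib.sha256).digest()

    def verify(self, client, message, tag):
        # Lockout bounds how many timing samples one client can collect.
        if self._failures.get(client, 0) >= MAX_FAILURES:
            return False
        ok = total_compare(self.sign(message), tag)
        if ok:
            self._failures.pop(client, None)
        else:
            self._failures[client] = self._failures.get(client, 0) + 1
        return ok
```
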