Message163623
This is why I wanted to close the issue with the pure Python implementation, and punt on the question of a C accelerator for the moment.
compare_digest is effectively the same as what all the Python web servers and frameworks do now for signature checking. Yes, it's more vulnerable to timing attacks than a C implementation, but it's going to take a sophisticated attacker to attack that through the noise of network jitter. It's sufficiently hardened that it's unlikely to be the weakest link in the security chain.
For 3.4, I hope to see a discussion open up regarding the idea of something like a "securitytools" module that aims to provide some basic primitives for operations where Python's standard assumptions (such as flexibility and short circuiting behaviour) are a bad fit for security reasons. That would include exposing a C level full_compare option, as well as the core pbkdf2 algorithm.

Date | User | Action | Args
2012-06-23 15:08:58 | ncoghlan | set | recipients: + ncoghlan, loewis, georg.brandl, pitrou, christian.heimes, alex, fijall, python-dev, petri.lehtinen, hynek, serhiy.storchaka, Jon.Oberheide
2012-06-23 15:08:58 | ncoghlan | set | messageid: <1340464138.35.0.479623648128.issue15061@psf.upfronthosting.co.za>
2012-06-23 15:08:57 | ncoghlan | link | issue15061 messages
2012-06-23 15:08:57 | ncoghlan | create |
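
The short-circuiting behaviour the message refers to, shown as an added example that is not part of the original message or of CPython's code: a model of a comparison that stops at the first mismatch next to one that always examines every byte, plus a signature check using `hmac.compare_digest`. The key, message and helper names are constructed for illustration, and the step counts stand in for the timing difference.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"        # constructed sample key
MSG = b"user=alice&role=viewer"      # constructed sample message


def sign(key: bytes, msg: bytes) -> bytes:
    """HMAC-SHA256 tag for msg."""
    return hmac.new(key, msg, hashlib.sha256).digest()


def short_circuit_compare(a: bytes, b: bytes):
    """Model of an early-exit comparison: returns (equal, bytes_examined)."""
    if len(a) != len(b):
        return False, 0
    for i, (x, y) in enumerate(zip(a, b), 1):
        if x != y:
            return False, i          # work done depends on the matching prefix
    return True, len(a)


def full_compare(a: bytes, b: bytes):
    """Accumulate differences over every byte: returns (equal, bytes_examined)."""
    if len(a) != len(b):
        return False, 0              # length is not hidden, only content
    diff = 0
    for x, y in zip(a, b):
        diff |= x ^ y                # no branch on secret-dependent data
    return diff == 0, len(a)


def verify(key: bytes, msg: bytes, tag: bytes) -> bool:
    """Signature check using the standard-library comparison."""
    return hmac.compare_digest(sign(key, msg), tag)


def flip(tag: bytes, index: int) -> bytes:
    """Return tag with one bit changed at the given byte index."""
    out = bytearray(tag)
    out[index] ^= 0x01
    return bytes(out)


if __name__ == "__main__":
    good = sign(KEY, MSG)
    for idx in (0, 31):
        bad = flip(good, idx)
        print(idx, short_circuit_compare(good, bad), full_compare(good, bad))
```
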