diff options
| author | Charles-François Natali <neologix@free.fr> | 2012-05-13 17:53:07 (GMT) |
|---|---|---|
| committer | Charles-François Natali <neologix@free.fr> | 2012-05-13 17:53:07 (GMT) |
| commit | 7feb9f42258ff72ce1d3628c5ccc261c2ca238b9 (patch) | |
| tree | 3ac35288be0b37833dfe58cc5829a7c0cf9b3f3f /Doc/library/hmac.rst | |
| parent | d200bf534b6d97ee607e1071d0cb2d93e4506268 (diff) | |
| download | cpython-7feb9f42258ff72ce1d3628c5ccc261c2ca238b9.zip cpython-7feb9f42258ff72ce1d3628c5ccc261c2ca238b9.tar.gz cpython-7feb9f42258ff72ce1d3628c5ccc261c2ca238b9.tar.bz2 | |
Issue #14532: Add a secure_compare() helper to the hmac module, to mitigate
timing attacks. Patch by Jon Oberheide.
Diffstat (limited to 'Doc/library/hmac.rst')
| -rw-r--r-- | Doc/library/hmac.rst | 32 |
1 files changed, 32 insertions, 0 deletions
diff --git a/Doc/library/hmac.rst b/Doc/library/hmac.rst index eff2724..e8f6488 100644 --- a/Doc/library/hmac.rst +++ b/Doc/library/hmac.rst @@ -38,6 +38,13 @@ An HMAC object has the following methods: given to the constructor. It may contain non-ASCII bytes, including NUL bytes. + .. warning:: + + When comparing the output of :meth:`digest` to an externally-supplied + digest during a verification routine, it is recommended to use the + :func:`hmac.secure_compare` function instead of the ``==`` operator + to avoid potential timing attacks. + .. method:: HMAC.hexdigest() @@ -45,6 +52,13 @@ An HMAC object has the following methods: length containing only hexadecimal digits. This may be used to exchange the value safely in email or other non-binary environments. + .. warning:: + + When comparing the output of :meth:`hexdigest` to an externally-supplied + digest during a verification routine, it is recommended to use the + :func:`hmac.secure_compare` function instead of the ``==`` operator + to avoid potential timing attacks. + .. method:: HMAC.copy() @@ -52,6 +66,24 @@ An HMAC object has the following methods: compute the digests of strings that share a common initial substring. +This module also provides the following helper function: + +.. function:: secure_compare(a, b) + + Returns the equivalent of ``a == b``, but using a time-independent + comparison method. Comparing the full lengths of the inputs *a* and *b*, + instead of short-circuiting the comparison upon the first unequal byte, + prevents leaking information about the inputs being compared and mitigates + potential timing attacks. The inputs must be either :class:`str` or + :class:`bytes` instances. + + .. note:: + + While the :func:`hmac.secure_compare` function prevents leaking the + contents of the inputs via a timing attack, it does leak the length + of the inputs. However, this generally is not a security risk. + + .. seealso:: Module :mod:`hashlib` |