[Python-Dev] Should secrets include a fallback for hmac.compare_digest? (original) (raw)
Nick Coghlan ncoghlan at gmail.com
Fri Apr 15 06:48:44 EDT 2016
- Previous message (by thread): [Python-Dev] Should secrets include a fallback for hmac.compare_digest?
- Next message (by thread): [Python-Dev] PEP 8 updated on whether to break before or after a binary update
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On 15 April 2016 at 14:52, Steven D'Aprano <steve at pearwood.info> wrote:
Now that PEP 506 has been approved, I've checked in the secrets module, but an implementation question has come up regarding comparedigest.
Currently, the module tries to import hmac.comparedigest, and if that fails, then it falls back to a Python version. But since comparedigest has been available since 3.3, I'm now questioning whether the fallback is useful at all. Perhaps for alternate Python implementations? So, two questions: - should secrets include a fallback?
It definitely shouldn't include a fallback, as the function needs to be writen in C (or some other not-normal-Python-code language) in order to provide the appropriate timing guarantees.
We added hmac.compare_digest in response to Python web frameworks providing their own pure Python "constant time" comparison functions that were nevertheless still subject to remote timing atacks.
I'd forgotten about the hmac vs operator indirection, but it's still better to import the public API from hmac (since operator._compare_digest is a Python implementation detail, and you may as well make it easy to extract the secrets module for use in earlier versions - 2.7 also gained hmac.compare_digest as part of PEP 466).
Cheers, Nick.
-- Nick Coghlan | ncoghlan at gmail.com | Brisbane, Australia
- Previous message (by thread): [Python-Dev] Should secrets include a fallback for hmac.compare_digest?
- Next message (by thread): [Python-Dev] PEP 8 updated on whether to break before or after a binary update
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]