New submission from Jon Oberheide <j...@oberheide.org>:

The multiprocessing module performs a time-dependent comparison of the HMAC digest used for authentication:

    def deliver_challenge(connection, authkey):
        import hmac
        assert isinstance(authkey, bytes)
        message = os.urandom(MESSAGE_LENGTH)
        connection.send_bytes(CHALLENGE + message)
        digest = hmac.new(authkey, message).digest()
        response = connection.recv_bytes(256)        # reject large message
        if response == digest:
            connection.send_bytes(WELCOME)
        else:
            connection.send_bytes(FAILURE)
            raise AuthenticationError('digest received was wrong')

This comparison should be made time-independent so as not to leak information about the expected digest and allow an attacker to derive the full digest.

More info on such timing attacks:

http://rdist.root.org/2009/05/28/timing-attack-in-google-keyczar-library/
http://rdist.root.org/2010/07/19/exploiting-remote-timing-attacks/

----------
components: Library (Lib)
messages: 157809
nosy: Jon.Oberheide
priority: normal
severity: normal
status: open
title: multiprocessing module performs a time-dependent hmac comparison

_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue14532>
_______________________________________