Maciej Fijalkowski <fij...@gmail.com> added the comment:

On Fri, Jun 15, 2012 at 9:41 AM, Nick Coghlan <rep...@bugs.python.org> wrote:
>
> Nick Coghlan <ncogh...@gmail.com> added the comment:
>
> To repeat, the specific feature being proposed for retention is:
>
> * a function called hmac.total_compare() that is clearly documented as being still vulnerable to timing analysis given a sufficiently sophisticated attacker, while still being more resistant to such analysis than the standard comparison operator
>
> * restricting that function to operating on bytes, to eliminate timing variations associated with encoding/decoding of Unicode text and reduce those associated with the calculation of integer values
>
> Leaking less information on each comparison is intended to increase the effectiveness of higher level timing attack countermeasures (such as rate limiting and lockouts). Anyone that would use "hmac.total_compare" and call it done is likely using ordinary comparison today (which is even worse).
>
> ----------
>
> _______________________________________
> Python tracker <rep...@bugs.python.org>
> <http://bugs.python.org/issue15061>
> _______________________________________
>

Nick, I fail to understand why you are opposing writing such a function in C. Such a function can be provably time-independent (and as MvL says this is a binary state), at least as long as it operates on bytes (I'll refrain from asking about unicode, I think it's possible, but I dunno). For the same function in Python it's at the very least much harder to prove (and has bugs as we've seen).

Cheers,
fijal
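The difference under discussion, as an added example that is not part of the tracker message and is not CPython's code: an instrumented early-exit comparison next to an accumulating bytes comparison in C. The function names `early_exit_equal` and `total_equal` and the sample byte arrays are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed sample data: an 8-byte stand-in for a MAC and two wrong guesses. */
static const unsigned char EXPECTED[8]   = {0xde,0xad,0xbe,0xef,0x01,0x02,0x03,0x04};
static const unsigned char WRONG_AT_0[8] = {0x00,0xad,0xbe,0xef,0x01,0x02,0x03,0x04};
static const unsigned char WRONG_AT_7[8] = {0xde,0xad,0xbe,0xef,0x01,0x02,0x03,0xff};

/* Ordinary early-exit comparison, instrumented: *examined is the number of
 * byte pairs read, which is what a timing measurement approximates. */
int early_exit_equal(const unsigned char *a, const unsigned char *b,
                     size_t n, size_t *examined)
{
    size_t i;
    for (i = 0; i < n; i++) {
        if (a[i] != b[i]) { *examined = i + 1; return 0; }
    }
    *examined = n;
    return 1;
}

/* Accumulating comparison on bytes: the loop always runs over all of `given`,
 * so the number of reads depends on given_len only, not on where the inputs
 * differ. On a length mismatch `given` is compared with itself and the result
 * is forced to "not equal". volatile makes the compiler perform every read. */
int total_equal(const unsigned char *expected, size_t expected_len,
                const unsigned char *given, size_t given_len, size_t *examined)
{
    const volatile unsigned char *left = expected;
    const volatile unsigned char *right = given;
    unsigned char diff = 0;
    size_t i;
    if (expected_len != given_len) { left = given; diff = 1; }
    for (i = 0; i < given_len; i++)
        diff |= (unsigned char)(left[i] ^ right[i]);
    *examined = i;
    return diff == 0;
}

int main(void)
{
    size_t n;
    early_exit_equal(EXPECTED, WRONG_AT_0, 8, &n); printf("early exit, wrong at 0: %zu\n", n);
    early_exit_equal(EXPECTED, WRONG_AT_7, 8, &n); printf("early exit, wrong at 7: %zu\n", n);
    total_equal(EXPECTED, 8, WRONG_AT_0, 8, &n);   printf("total, wrong at 0: %zu\n", n);
    total_equal(EXPECTED, 8, WRONG_AT_7, 8, &n);   printf("total, wrong at 7: %zu\n", n);
    return 0;
}
```

The early-exit version reads a number of bytes that tracks the length of the matching prefix, while the accumulating version reads the same number for every guess of a given length.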