Maciej Fijalkowski <fij...@gmail.com> added the comment: On Fri, Jun 15, 2012 at 10:09 AM, Martin v. Löwis <rep...@bugs.python.org>wrote:
> > Martin v. Löwis <mar...@v.loewis.de> added the comment: > > > Note that this does not relief you from using a time-independent > comparison > > function. If you call some hash function (which time is known to the > > attacker), then you compare it against a stored hashed version. If you > use > > a normal compare you're leaking the hash. This is indeed not as bad as > > leaking the password, but it has been demonstrated that one-direction > > functions are still vulnerable to some sort of attacks, so it's not ideal > > either. > > But you don't leak the hash - you leak the first byte of the hash if you > make 256 tries, and the first two bytes if you make 65536 tries. To leak > the first four bytes of the hash, you need to make 2**32 tries. > So this is equivalent to a brute-force attack, which works just as well > against a time-independent function. So using a time-independent > function does not add any security. > > ---------- > > _______________________________________ > Python tracker <rep...@bugs.python.org> > <http://bugs.python.org/issue15061> > _______________________________________ > Martin, you fail to understand how this works. You don't do 2**32 tries to leak the 4 charaters, you need 4 * 256, that's why this attack is so bad, because the time needed for the next character is brute force, but then you can move on to the next one. ---------- _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue15061> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
