Hynek Schlawack <h...@ox.cx> added the comment:

> "Secure" vs "not secure" is not a binary state - it's about making attacks 
> progressively more difficult. Something that is secure against a casual 
> script kiddie scatter gunning attacks on various sites with an automated 
> script won't stand up to a systematic attack from a motivated attacker (also 
> see the reporting on Flame and Stuxnet for what a *really* motivated and well 
> resourced attacker can achieve).

The problem here is that _if_ you add a "secure" to the name of a method, it 
becomes binary. At least in the minds of the users. I know you address that, 
but that's the main point here.

> Regardless, the target needs to be *improving the status quo*.
> 
> Being able to tell people "using hmac.total_compare will make you less 
> vulnerable to timing attacks than using ordinary short circuiting 
> comparisons" is a *good thing*. We just need to be careful not to oversell it 
> as making you *immune* to timing attacks.

Why not write a C function which can be more secure than Python code? I would 
argue that would be a general asset for the stdlib, not just for HMAC 
(therefore, I'd put it elsewhere).

----------

_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue15061>
_______________________________________
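
The difference between a short-circuiting comparison and the kind of C helper suggested above, as an added example that is not code from the tracker issue or from CPython. The names `leaky_equal`, `ct_equal`, the `*_work` wrappers and the sample digests are hypothetical and constructed for illustration; both inputs are assumed to have the same, publicly known length.

```c
#include <stddef.h>
#include <stdio.h>

#define DIGEST_LEN 8

/* Constructed sample values standing in for a MAC digest and two wrong guesses. */
static const unsigned char EXPECTED[DIGEST_LEN]    = {0xde,0xad,0xbe,0xef,0x01,0x02,0x03,0x04};
static const unsigned char WRONG_FIRST[DIGEST_LEN] = {0x00,0xad,0xbe,0xef,0x01,0x02,0x03,0x04};
static const unsigned char WRONG_LAST[DIGEST_LEN]  = {0xde,0xad,0xbe,0xef,0x01,0x02,0x03,0xff};

/* Short-circuiting comparison: returns at the first mismatching byte.
 * *steps counts bytes examined (instrumentation for this example only). */
static int leaky_equal(const unsigned char *a, const unsigned char *b, size_t n, size_t *steps)
{
    for (size_t i = 0; i < n; i++) {
        (*steps)++;
        if (a[i] != b[i])
            return 0;
    }
    return 1;
}

/* Walks all n bytes regardless of content and folds every difference into
 * one accumulator; volatile discourages the compiler from adding an early exit. */
static int ct_equal(const unsigned char *a, const unsigned char *b, size_t n, size_t *steps)
{
    volatile unsigned char diff = 0;
    for (size_t i = 0; i < n; i++) {
        (*steps)++;
        diff |= (unsigned char)(a[i] ^ b[i]);
    }
    return diff == 0;
}

/* Bytes examined when comparing a guess against EXPECTED. */
static size_t leaky_work(const unsigned char *g) { size_t s = 0; (void)leaky_equal(EXPECTED, g, DIGEST_LEN, &s); return s; }
static size_t ct_work(const unsigned char *g)    { size_t s = 0; (void)ct_equal(EXPECTED, g, DIGEST_LEN, &s); return s; }

int main(void)
{
    printf("short-circuit: first byte wrong=%zu, last byte wrong=%zu\n",
           leaky_work(WRONG_FIRST), leaky_work(WRONG_LAST));
    printf("accumulating:  first byte wrong=%zu, last byte wrong=%zu\n",
           ct_work(WRONG_FIRST), ct_work(WRONG_LAST));
    return 0;
}
```

The step counter only shows that the work done no longer depends on where the inputs differ; actual timing still depends on the compiler and hardware, which is the reason the thread cautions against overselling such a function.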