On Friday, November 5, 2010, <exar...@twistedmatrix.com> wrote: > On 12:21 am, m...@gsites.de wrote: > > Am 04.11.2010 17:15, schrieb anatoly techtonik: >> pickle is insecure, marshal too. > > If the transport or storage layer is not save, you should cryptographically > sign the data anyway:: > > def pickle_encode(data, key): > msg = base64.b64encode(pickle.dumps(data, -1)) > sig = base64.b64encode(hmac.new(key, msg).digest()) > return sig + ':' + msg > > def pickle_decode(data, key): > if data and ':' in data: > sig, msg = data.split(':', 1) > if sig == base64.b64encode(hmac.new(key, msg).digest()): > return pickle.loads(base64.b64decode(msg)) > raise pickle.UnpicklingError("Wrong or missing signature.") > > Bottle (a web framework) uses a similar approach to store non-string data in > client-side cookies. I don't see a (security) problem here. > > > Your pickle_decode leaks information about the key. An attacker will > eventually (a few seconds to a few minutes, depending on how they have access > to this system) be able to determine your key and send you arbitrary pickles > (ie, execute arbitrary code on your system). > > Oops. > > This stuff is hard. If you're going to mess around with it, make sure you're > *serious* (better approach: don't mess around with it).
Specifically you need to use a constant time signature verification or else there are possible timing attacks. Sounds like something a hmac module should provide in the first place. But yeah, this stuff is hard, better to just not have a code execution hole in the first place. -bob _______________________________________________ Python-Dev mailing list Python-Dev@python.org http://mail.python.org/mailman/listinfo/python-dev Unsubscribe: http://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com