[issue14955] hmac.secure_compare() is not time-independent for unicode strings
Christian Heimes added the comment:

Python 3.3 contains a secure and working implementation for bytes. unicode isn't supported unless both sides contain ASCII text only.

--
resolution: -> fixed
stage: -> committed/rejected
status: open -> closed

___
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue14955>
___
Python-bugs-list mailing list
Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue14955] hmac.secure_compare() is not time-independent for unicode strings
Christian Heimes <li...@cheimes.de> added the comment:

Nick has pushed a patch in rf36af3766a20 that disables the comparison of unicode strings. See #15061

--
dependencies: +hmac.secure_compare() leaks information about length of strings

[issue14955] hmac.secure_compare() is not time-independent for unicode strings
Nick Coghlan <ncogh...@gmail.com> added the comment:

As a result of the discussions on #15061, I removed unicode comparison support altogether in f36af3766a20 (updating the warning on the hexdigest() method accordingly).

Are folks happy to close this issue on that basis? (I'll raise the question of a separate C implementation on the other issue)

--
nosy: +ncoghlan

[issue14955] hmac.secure_compare() is not time-independent for unicode strings
Jon Oberheide <j...@oberheide.org> added the comment:

Sounds good to me, Nick.

[issue14955] hmac.secure_compare() is not time-independent for unicode strings
Antoine Pitrou <pit...@free.fr> added the comment:

With PEP 393 unicode objects can have several representations, which makes it unlikely that *really* constant-timing functions can be devised.

However, a C version could provide some guarantees, by raising an error if the passed unicode strings use a different representation from each other.

--
nosy: +pitrou

[issue14955] hmac.secure_compare() is not time-independent for unicode strings
Changes by Hynek Schlawack <h...@ox.cx>:

--
nosy: +hynek

[issue14955] hmac.secure_compare() is not time-independent for unicode strings
Christian Heimes <li...@cheimes.de> added the comment:

The second patch looks fine.

--
nosy: +christian.heimes

[issue14955] hmac.secure_compare() is not time-independent for unicode strings
Jon Oberheide <j...@oberheide.org> added the comment:

Thanks for the feedback, haypo. I've updated the patch to use unicode-internal. As long as the encode() of the expected non-attacker-controlled digest is not dependent on the actual contents of the digest, we should be good.

--
Added file: http://bugs.python.org/file25801/secure-compare-fix-v2.patch

[issue14955] hmac.secure_compare() is not time-independent for unicode strings
STINNER Victor <victor.stin...@gmail.com> added the comment:

I'm not sure that encoding to UTF-8 is time independent. You may try UTF-32-LE or unicode-internal?

--
nosy: +haypo

[issue14955] hmac.secure_compare() is not time-independent for unicode strings
New submission from Jon Oberheide <j...@oberheide.org>:

Hi all,

I was informed that the hmac.secure_compare() function added in 14532 is not time-independent when processing unicode values:

The function as given is probably not timing independent if the attacker can provide unicode values. This is because (in CPython at least) all integer values in the range [-5, 256] inclusive are made singletons to avoid the performance hit of integer object creation, meaning that as long as (x ^ y) < 257, no integer object is created and the function appears constant time. When that assumption is violated, you get a timing delta that is actually fairly large compared to the delta for a single character compare.

One way to work around this issue is to perform strict 8-bit byte comparisons by converting any string type parameters to bytes via a utf-8 encode. The attached patch does this.

Regards,
Jon Oberheide

--
components: Library (Lib)
files: secure-compare-fix-v1.patch
keywords: patch
messages: 161898
nosy: Jon.Oberheide
priority: normal
severity: normal
status: open
title: hmac.secure_compare() is not time-independent for unicode strings
type: security
versions: Python 3.3
Added file: http://bugs.python.org/file25756/secure-compare-fix-v1.patch
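
The following is an added example, not code from the tracker or from CPython: it shows why the XOR-accumulate loop described in the report is data-dependent for `str` inputs and how restricting it to bytes removes that dependence. `xor_compare`, `uncached_xor_positions` and `stdlib_accepts` are hypothetical helper names, the digest values are constructed, and `hmac.compare_digest` is the name under which the function shipped in Python 3.3.

```python
import hmac

# CPython caches int objects in this inclusive range (per the report above).
SMALL_INT_MIN, SMALL_INT_MAX = -5, 256


def xor_compare(a, b):
    """XOR-accumulate comparison for bytes only, mirroring the decision in
    the thread to drop unicode support. Illustrative, not the stdlib source."""
    if not (isinstance(a, bytes) and isinstance(b, bytes)):
        raise TypeError("inputs must be bytes instances")
    if len(a) != len(b):
        return False          # length is not hidden (the subject of #15061)
    result = 0
    for x, y in zip(a, b):    # iterating bytes yields ints in 0..255
        result |= x ^ y       # so every x ^ y stays inside the cached range
    return result == 0


def uncached_xor_positions(a, b):
    """For two str inputs, list the positions where ord(x) ^ ord(y) falls
    outside the cached range, i.e. where a new int object must be allocated
    and the loop does extra, input-dependent work."""
    return [i for i, (x, y) in enumerate(zip(a, b))
            if not SMALL_INT_MIN <= (ord(x) ^ ord(y)) <= SMALL_INT_MAX]


def stdlib_accepts(a, b):
    """Return True if hmac.compare_digest accepts this pair of inputs."""
    try:
        hmac.compare_digest(a, b)
        return True
    except TypeError:
        return False


# Constructed sample values: a hex digest and a guess with one non-ASCII char.
EXPECTED = "9f86d081884c7d65"
GUESS = "9f86\u20ac081884c7d65"   # U+20AC at index 4

if __name__ == "__main__":
    print(uncached_xor_positions(EXPECTED, GUESS))   # allocation at index 4
    print(stdlib_accepts(EXPECTED, GUESS))           # non-ASCII str rejected
    print(xor_compare(EXPECTED.encode("ascii"), EXPECTED.encode("ascii")))
```

Comparing the raw `digest()` bytes, or hex digests that are known to be ASCII, keeps every intermediate value inside the cached range and stays within what `hmac.compare_digest` accepts.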