I'm using Python 2.7 and am creating an HMAC using the hmac library. Python 3.3 includes a compare_digest() function that will compare two digests and resist timing attacks, but that's not available in 2.7. Prevailing advice is not to roll my own crypto, so are there any mature Python libraries that provide that functionality? PyCrypto does not appear to.
For anyone finding this from search, if using Django, then you can also use the constant_time_compare function in django.utils.crypto.
>>> from django.utils.crypto import constant_time_compare
>>> constant_time_compare("foo", "bar")
False
>>> constant_time_compare("foo", "foo")
True
That this comes with the same caveat as hmac.compare_digest (and actually uses hmac.compare_digest if it exists):
Note: If a and b are of different lengths, or if an error occurs, a timing attack could theoretically reveal information about the types and lengths of a and b–but not their values.
I would suggest you just use the secure compare method available in 3.3.
This is an implementation that is very similar to the Python implementation:
def compare_digest(x, y):
if not (isinstance(x, bytes) and isinstance(y, bytes)):
raise TypeError("both inputs should be instances of bytes")
if len(x) != len(y):
return False
result = 0
for a, b in zip(x, y):
result |= a ^ b
return result == 0
Can't see how that would breach any licenses.
If you have access to Python 2.7.7, compare_digest() was recently backported to this version (as well as the more secure 3.x SSL module in 2.7.9).
来源:https://stackoverflow.com/questions/18168819/how-to-securely-verify-an-hmac-in-python-2-7