Question

I'm using Python 2.7 and am creating an HMAC using the hmac library. Python 3.3 includes a compare_digest() function that will compare two digests and resist timing attacks, but that's not available in 2.7. Prevailing advice is not to roll my own crypto, so are there any mature Python libraries that provide that functionality? PyCrypto does not appear to.

Solution

For anyone finding this from search, if using Django, then you can also use the constant_time_compare function in django.utils.crypto.

>>> from django.utils.crypto import constant_time_compare
>>> constant_time_compare("foo", "bar")
False
>>> constant_time_compare("foo", "foo")
True

Note that this comes with the same caveat as hmac.compare_digest (and actually uses hmac.compare_digest if it exists):

Note: If a and b are of different lengths, or if an error occurs, a timing attack could theoretically reveal information about the types and lengths of a and b–but not their values.

OTHER TIPS

I would suggest you just use the secure compare method available in 3.3.

This is an implementation that is very similar to the Python implementation:

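def compare_digest(x, y):
    # Best-effort constant-time comparison of two byte strings.
    if not (isinstance(x, bytes) and isinstance(y, bytes)):
        raise TypeError("both inputs should be instances of bytes")
    if len(x) != len(y):
        return False
    result = 0
    # bytearray() yields integers on both Python 2 and 3; iterating a
    # Python 2 str directly gives 1-character strings, which cannot be XORed.
    for a, b in zip(bytearray(x), bytearray(y)):
        # Accumulate differences instead of returning at the first mismatch.
        result |= a ^ b
    return result == 0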

Can't see how that would breach any licenses.

If you have access to Python 2.7.7, compare_digest() was recently backported to this version (as well as the more secure 3.x SSL module in 2.7.9).

https://www.python.org/dev/peps/pep-0466/
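
Added example, not taken from any of the answers above: a tag check that uses hmac.compare_digest when the interpreter has it (3.3+, 2.7.7+) and otherwise falls back to comparing HMACs of both values under a random key, which is a different technique from the XOR loop posted above. The names blinded_compare, safe_compare, make_tag and verify_tag and the sample key and message are made up for illustration.

```python
import hashlib
import hmac
import os

# Random per-process key, used only to blind values on the fallback path.
_BLIND_KEY = os.urandom(32)


def blinded_compare(a, b):
    """Fallback: compare HMACs of the inputs under a random key.

    The final == may exit early, but it runs over values the caller cannot
    predict or steer byte by byte, so its timing says nothing about `a`.
    """
    if not (isinstance(a, bytes) and isinstance(b, bytes)):
        raise TypeError("both inputs should be instances of bytes")
    mac_a = hmac.new(_BLIND_KEY, a, hashlib.sha256).digest()
    mac_b = hmac.new(_BLIND_KEY, b, hashlib.sha256).digest()
    return mac_a == mac_b


# Use the interpreter's compare_digest when it exists (3.3+, 2.7.7+).
safe_compare = getattr(hmac, "compare_digest", blinded_compare)


def make_tag(key, message):
    """HMAC-SHA256 tag for message."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify_tag(key, message, tag):
    """Recompute the expected tag and compare it to the supplied one."""
    return safe_compare(make_tag(key, message), tag)


if __name__ == "__main__":
    key = b"constructed-demo-key"  # constructed sample values
    msg = b"amount=100&to=alice"
    tag = make_tag(key, msg)
    print(verify_tag(key, msg, tag))                     # matching tag
    print(verify_tag(key, b"amount=900&to=alice", tag))  # altered message
    print(verify_tag(key, msg, tag[:-1]))                # truncated tag
```
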

Licensed under: CC-BY-SA with attribution