Message 163623 - Python tracker

Message163623

Author	ncoghlan
Recipients	Jon.Oberheide, alex, christian.heimes, fijall, georg.brandl, hynek, loewis, ncoghlan, petri.lehtinen, pitrou, python-dev, serhiy.storchaka
Date	2012-06-23.15:08:57
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1340464138.35.0.479623648128.issue15061@psf.upfronthosting.co.za>
In-reply-to

Content
This is why I wanted to close the issue with the pure Python implementation, and punt on the question of a C accelerator for the moment. compare_digest is effectively the same as what all the Python web servers and frameworks do now for signature checking. Yes, it's more vulnerable to timing attacks than a C implementation, but it's going to to take a sophisticated attacker to attack that through the noise of network jitter. It's sufficiently hardened that's it's unlikely to be the weakest link in the security chain. For 3.4, I hope to see a discussion open up regarding the idea of something like a "securitytools" module that aims to provide some basic primitives for operations where Python's standard assumptions (such as flexibility and short circuiting behaviour) are a bad fit for security reasons. That would include exposing a C level full_compare option, as well as the core pbkdf2 algorithm.

Content

This is why I wanted to close the issue with the pure Python implementation, and punt on the question of a C accelerator for the moment.

compare_digest is effectively the same as what all the Python web servers and frameworks do now for signature checking. Yes, it's more vulnerable to timing attacks than a C implementation, but it's going to to take a sophisticated attacker to attack that through the noise of network jitter. It's sufficiently hardened that's it's unlikely to be the weakest link in the security chain.

For 3.4, I hope to see a discussion open up regarding the idea of something like a "securitytools" module that aims to provide some basic primitives for operations where Python's standard assumptions (such as flexibility and short circuiting behaviour) are a bad fit for security reasons. That would include exposing a C level full_compare option, as well as the core pbkdf2 algorithm.

History
Date	User	Action	Args
2012-06-23 15:08:58	ncoghlan	set	recipients: + ncoghlan, loewis, georg.brandl, pitrou, christian.heimes, alex, fijall, python-dev, petri.lehtinen, hynek, serhiy.storchaka, Jon.Oberheide
2012-06-23 15:08:58	ncoghlan	set	messageid: <1340464138.35.0.479623648128.issue15061@psf.upfronthosting.co.za>
2012-06-23 15:08:57	ncoghlan	link	issue15061 messages
2012-06-23 15:08:57	ncoghlan	create