From 5f762af3bcfada7bb1a79c3ca78c6f3292dcc4ef Mon Sep 17 00:00:00 2001 From: Antoine Pitrou Date: Sun, 24 Jun 2012 16:23:54 +0200 Subject: [PATCH] Remove a detailed discussion of content-based short circuiting, off topic for library docs. --- Doc/library/hmac.rst | 17 ++++------------- 1 file changed, 4 insertions(+), 13 deletions(-) diff --git a/Doc/library/hmac.rst b/Doc/library/hmac.rst index 809636e42b8..38f1687b0b7 100644 --- a/Doc/library/hmac.rst +++ b/Doc/library/hmac.rst @@ -70,22 +70,13 @@ This module also provides the following helper function: .. function:: compare_digest(a, b) - Return ``a == b``. This function uses an approach designed to prevent timing - analysis by avoiding content based short circuiting behaviour, making it - appropriate for cryptography. *a* and *b* must both be of the same type: - either :class:`str` (ASCII only, as e.g. returned by + Return ``a == b``. This function uses an approach designed to prevent + timing analysis by avoiding content-based short circuiting behaviour, + making it appropriate for cryptography. *a* and *b* must both be of the + same type: either :class:`str` (ASCII only, as e.g. returned by :meth:`HMAC.hexdigest`), or any type that supports the buffer protocol (e.g. :class:`bytes`). - Using a short circuiting comparison (that is, one that terminates as soon as - it finds any difference between the values) to check digests for correctness - can be problematic, as it introduces a potential vulnerability when an - attacker can control both the message to be checked *and* the purported - signature value. By keeping the plaintext consistent and supplying different - signature values, an attacker may be able to use timing variations to search - the signature space for the expected value in O(n) time rather than the - desired O(2**n). - .. note:: If *a* and *b* are of different lengths, or if an error occurs,