From: Antoine Pitrou Date: Sun, 24 Jun 2012 14:23:54 +0000 (+0200) Subject: Remove a detailed discussion of content-based short circuiting, off topic for library... X-Git-Tag: v3.3.0b1~54 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=5f762af3bcfada7bb1a79c3ca78c6f3292dcc4ef;p=python Remove a detailed discussion of content-based short circuiting, off topic for library docs. --- diff --git a/Doc/library/hmac.rst b/Doc/library/hmac.rst index 809636e42b..38f1687b0b 100644 --- a/Doc/library/hmac.rst +++ b/Doc/library/hmac.rst @@ -70,22 +70,13 @@ This module also provides the following helper function: .. function:: compare_digest(a, b) - Return ``a == b``. This function uses an approach designed to prevent timing - analysis by avoiding content based short circuiting behaviour, making it - appropriate for cryptography. *a* and *b* must both be of the same type: - either :class:`str` (ASCII only, as e.g. returned by + Return ``a == b``. This function uses an approach designed to prevent + timing analysis by avoiding content-based short circuiting behaviour, + making it appropriate for cryptography. *a* and *b* must both be of the + same type: either :class:`str` (ASCII only, as e.g. returned by :meth:`HMAC.hexdigest`), or any type that supports the buffer protocol (e.g. :class:`bytes`). - Using a short circuiting comparison (that is, one that terminates as soon as - it finds any difference between the values) to check digests for correctness - can be problematic, as it introduces a potential vulnerability when an - attacker can control both the message to be checked *and* the purported - signature value. By keeping the plaintext consistent and supplying different - signature values, an attacker may be able to use timing variations to search - the signature space for the expected value in O(n) time rather than the - desired O(2**n). - .. note:: If *a* and *b* are of different lengths, or if an error occurs,