mvondracek / PA193_mnemonic_Slytherin

BIP39 Mnemonic Phrase Generator and Verifier

Replace use of `hmac.compare_digest` #16

Closed mvondracek closed 4 years ago

mvondracek commented 4 years ago

`hmac.compare_digest` uses an approach designed to prevent timing analysis by avoiding content-based short circuiting behaviour, making it appropriate for cryptography https://docs.python.org/3.7/library/hmac.html#hmac.compare_digest

Note: If a and b are of different lengths, or if an error occurs, a timing attack could theoretically reveal information about the types and lengths of a and b—but not their values.

Type and length of seeds is known to the attacker, but not the value of expected seed.


I will ask after next lecture about hmac module.

lsolodkova commented 4 years ago

Actually, if we're really allowed to use anything from standard Python library aside from sha256 and sha512, it would be a cheating, since we could also use the whole pbkdf2 from hashlib.

mvondracek commented 4 years ago

Then the right question is what parts of the standard library are we allowed to use... :) unhexlify from binascii, unittest, argparse? I will ask after lecture to make sure.

mvondracek commented 4 years ago

I asked today. We can use functionality from the standard library. I even asked explicitly about PBKDF2. We should use standard library "reasonably".

I think it would be best to use functionality from the standard library and when the implementation is finished (from our point of view), we can think about e. g. C extension modules as an exercise for static and dynamic analysis tools for C.

I would use standard library now.

mvondracek commented 4 years ago

Related: 53f79249f97a613a64b85800036c117629d606b9, 402bb0e.

mvondracek commented 4 years ago

As I pointed out here in #12, this was changed and we cannot use Python's PBKDF2. Function hmac.compare_digest probably should not be used as well.
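
A replacement for `hmac.compare_digest`, added here as an example and not part of the project's code: a byte-wise XOR/OR accumulating loop that never exits early on a mismatch, beside the short-circuiting pattern it replaces, with a self-check against the standard library function. It assumes seeds are passed as hex strings; pure Python only gives best-effort timing behaviour, since the interpreter makes no constant-time guarantee.

```python
"""Seed comparison without hmac.compare_digest (example, not project code)."""
import hmac
import secrets
from binascii import unhexlify


def short_circuit_equal(a: bytes, b: bytes) -> bool:
    """Pattern to avoid: returns at the first differing byte, so run time
    depends on the length of the common prefix with the expected value."""
    if len(a) != len(b):
        return False
    for x, y in zip(a, b):
        if x != y:
            return False
    return True


def constant_time_equal(a: bytes, b: bytes) -> bool:
    """Compare a and b with no content-dependent early exit.
    Length is checked first (leaks lengths, as compare_digest does, never
    contents); then every byte pair is XORed and OR-accumulated so the loop
    always covers the full length. Best-effort only in pure Python."""
    if len(a) != len(b):
        return False
    diff = 0
    for x, y in zip(a, b):
        diff |= x ^ y
    return diff == 0


def seeds_match(expected_hex: str, candidate_hex: str) -> bool:
    """Verify a candidate seed against the expected one, both as hex strings
    (assumed format); decode with binascii first so raw bytes are compared."""
    return constant_time_equal(unhexlify(expected_hex), unhexlify(candidate_hex))


def agrees_with_stdlib(trials: int = 100) -> bool:
    """Self-check: match hmac.compare_digest on random 64-byte (512-bit) seeds
    and on copies with a single flipped bit."""
    for _ in range(trials):
        a = secrets.token_bytes(64)
        b = bytearray(a)
        b[secrets.randbelow(64)] ^= 1 << secrets.randbelow(8)  # flip one bit
        if constant_time_equal(a, a) != hmac.compare_digest(a, a):
            return False
        if constant_time_equal(a, bytes(b)) != hmac.compare_digest(a, bytes(b)):
            return False
    return True


if __name__ == "__main__":
    seed = secrets.token_hex(64)  # constructed sample seed
    print(seeds_match(seed, seed), agrees_with_stdlib())
```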

mvondracek commented 4 years ago

Closed by #45