[Python-Dev] Should secrets include a fallback for hmac.compare_digest?

[Nick Coghlan]

On 15 April 2016 at 14:52, Steven D'Aprano <steve at pearwood.info> wrote:
> Now that PEP 506 has been approved, I've checked in the secrets module,
> but an implementation question has come up regarding compare_digest.
>
> Currently, the module tries to import hmac.compare_digest, and if that
> fails, then it falls back to a Python version. But since compare_digest
> has been available since 3.3, I'm now questioning whether the fallback
> is useful at all. Perhaps for alternate Python implementations?
>
> So, two questions:
>
> - should secrets include a fallback?

It definitely *shouldn't* include a fallback, as the function needs to
be writen in C (or some other not-normal-Python-code language) in
order to provide the appropriate timing guarantees.

We added hmac.compare_digest in response to Python web frameworks
providing their own pure Python "constant time" comparison functions
that were nevertheless still subject to remote timing atacks.

I'd forgotten about the hmac vs operator indirection, but it's still
better to import the public API from hmac (since
operator._compare_digest is a Python implementation detail, and you
may as well make it easy to extract the secrets module for use in
earlier versions - 2.7 also gained hmac.compare_digest as part of PEP
466).

Cheers,
Nick.

-- 
Nick Coghlan   |   ncoghlan at gmail.com   |   Brisbane, Australia