[tahoe-lafs-trac-stream] [Tahoe-LAFS] #2165: use bigger random one-time keys, rename to "timing_safe_compare"
Tahoe-LAFS
trac at tahoe-lafs.org
Tue Apr 15 15:02:08 UTC 2014
#2165: use bigger random one-time keys, rename to "timing_safe_compare"
-----------------------------+-------------------------------------
Reporter: zooko | Owner: daira
Type: enhancement | Status: closed
Priority: normal | Milestone: 1.11.0
Component: code | Version: 1.10.0
Resolution: fixed | Keywords: cleanup security timing
Launchpad Bug: |
-----------------------------+-------------------------------------
Comment (by zooko):
Replying to [comment:11 warner]:
> BTW, looking back at it, I don't believe the os.urandom is necessary at
> all. {{{hash(X) == hash(Y)}}} is sufficient, as long as the attacker only
> gets to submit "X" and not {{{hash(X)}}}.
That's funny, Brian! Because when you first invented this, I suggested
{{{hash(X) == hash(Y)}}} instead, and you objected that you weren't
entirely sure that was safe, and I later decided that you were right!
The thing is, the computation of {{{hash(X)}}} (where {{{X}}} is the
secret) might leak information about {{{X}}}!
Although I guess you could always just compute that one time at
process-start-up and store the value of {{{hash(X)}}} and use that. Okay,
I'm convinced *that* would be safe. ☺
--
Ticket URL: <https://tahoe-lafs.org/trac/tahoe-lafs/ticket/2165#comment:12>
Tahoe-LAFS <https://Tahoe-LAFS.org>
secure decentralized storage
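The two variants discussed in this ticket, as an added illustration that is not code from the ticket or from Tahoe-LAFS: a comparison over keyed digests with a per-process random key (the "bigger random one-time key" of the title), and zooko's unkeyed variant that hashes the secret once at process start-up. SHA-256, a 32-byte key, and the class and function names are assumptions of this example.

```python
import hashlib
import hmac
import os

# Assumed per-process random key, drawn once at start-up. The plain == on
# bytes below may exit at the first differing byte, but it runs over HMAC
# outputs, so the timing reveals nothing about the inputs themselves.
_PROCESS_KEY = os.urandom(32)


def timing_safe_compare(a: bytes, b: bytes) -> bool:
    """Equality of a and b, decided by comparing their keyed digests.

    A length mismatch is handled for free: the digests are always the same
    length, and a != b whenever len(a) != len(b).
    """
    da = hmac.new(_PROCESS_KEY, a, hashlib.sha256).digest()
    db = hmac.new(_PROCESS_KEY, b, hashlib.sha256).digest()
    return da == db


class PrecomputedSecret:
    """The variant from comment 12: hash the secret X once at start-up and
    keep only hash(X), so the secret is never hashed on the request path.

    The comparison hash(candidate) == hash(X) can still leak bytes of
    hash(X) through timing, which is harmless as long as the caller
    submits candidates (X) and not digests (hash(X)), as warner notes.
    """

    def __init__(self, secret: bytes) -> None:
        self._digest = hashlib.sha256(secret).digest()

    def matches(self, candidate: bytes) -> bool:
        return hashlib.sha256(candidate).digest() == self._digest


# Constructed sample values for a stand-alone run.
if __name__ == "__main__":
    assert timing_safe_compare(b"write-cap-secret", b"write-cap-secret")
    assert not timing_safe_compare(b"write-cap-secret", b"write-cap-secreT")
    guard = PrecomputedSecret(b"write-cap-secret")
    assert guard.matches(b"write-cap-secret")
    assert not guard.matches(b"write-cap-secre")
    print("ok")
```

Python 3.3 and later ship `hmac.compare_digest`, which does the same job without a random key; the functions above show the mechanism the ticket discusses.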