Comments (1)
This is to prevent timing attacks. The == operator compares byte by byte. It "stops" as soon as the first byte mismatches. In a typical scenario (e.g. a server validates incoming GCM messages), an attacker who tries to spoof messages could measure how many bytes of the MAC of the spoofed message they 'guessed' correctly.
The blake2 hash randomizes - 'blinds' - the comparison, so repeated measurements do not leak any information about the MAC tag.
An alternative to blinding would be hmac.compare_digest.
from pycryptodome.
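Added example, not part of the comment above and not pycryptodome's own code: it counts how many bytes an early-exit comparison examines (a deterministic stand-in for timing) when tags are compared directly and when they are first hashed under a fresh random key. The helper names and the 16-byte tag are constructed for illustration, and the standard library's `hashlib.blake2s` is assumed as the keyed hash.

```python
import hashlib
import hmac
import os

def early_exit_compare(a: bytes, b: bytes):
    """Model of ==: stop at the first mismatch. Returns (equal, bytes_examined)."""
    examined = 0
    for x, y in zip(a, b):
        examined += 1
        if x != y:
            return False, examined
    return len(a) == len(b), examined

def blind(tag: bytes, key: bytes) -> bytes:
    """Keyed BLAKE2s digest of a tag; the key makes the output unpredictable."""
    return hashlib.blake2s(tag, key=key, digest_size=20).digest()

def blinded_compare(expected: bytes, received: bytes):
    """Hash both tags under a fresh random key, then compare the digests."""
    key = os.urandom(16)  # new key for every comparison, never reused
    return early_exit_compare(blind(expected, key), blind(received, key))

def guess_with_prefix(tag: bytes, k: int) -> bytes:
    """Constructed forgery attempt: first k bytes correct, the rest wrong."""
    return tag[:k] + bytes(b ^ 0xFF for b in tag[k:])

if __name__ == "__main__":
    tag = bytes(range(16))  # constructed 16-byte MAC tag
    for k in (0, 4, 8, 12):
        guess = guess_with_prefix(tag, k)
        _, direct = early_exit_compare(tag, guess)
        _, blinded = blinded_compare(tag, guess)
        print(f"correct prefix={k:2d}  direct examined={direct:2d}  "
              f"blinded examined={blinded:2d}  "
              f"compare_digest={hmac.compare_digest(tag, guess)}")
```

In the direct column the count grows with the number of correctly guessed bytes; in the blinded column it depends only on the random key of that call, so it says nothing about the guess.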