Problem description
I'm using Python 2.7 and am creating an HMAC using the hmac library. Python 3.3 includes a compare_digest() function that will compare two digests and resist timing attacks, but that's not available in 2.7. Prevailing advice is not to roll my own crypto, so are there any mature Python libraries that provide that functionality? PyCrypto does not appear to.
For anyone finding this from search, if using Django, then you can also use the constant_time_compare function in django.utils.crypto.
>>> from django.utils.crypto import constant_time_compare
>>> constant_time_compare("foo", "bar")
False
>>> constant_time_compare("foo", "foo")
True
Note that this comes with the same caveat as hmac.compare_digest (and actually uses hmac.compare_digest if it exists):
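As an added example (not code from the question, the answer, or Django): an HMAC verification helper that uses hmac.compare_digest when the interpreter provides it (it was backported to Python 2.7.7) and otherwise falls back to a best-effort XOR-accumulate comparison. The names xor_compare, constant_time_eq, sign and verify, the choice of HMAC-SHA256, and the sample key and message are assumptions made for the example.

```python
import hashlib
import hmac


def xor_compare(a, b):
    """Fallback comparison for interpreters without hmac.compare_digest.

    Best effort only: pure Python cannot guarantee constant time, but the
    loop never exits early, so run time does not depend on where the first
    mismatching byte is.
    """
    if len(a) != len(b):
        # Returning early reveals only the length, which is public for a
        # fixed-size MAC such as HMAC-SHA256 (32 bytes).
        return False
    diff = 0
    for x, y in zip(bytearray(a), bytearray(b)):
        diff |= x ^ y  # accumulate differences across every byte
    return diff == 0


# Prefer the interpreter's C implementation when it exists.
constant_time_eq = getattr(hmac, "compare_digest", xor_compare)


def sign(key, message):
    """Return the raw HMAC-SHA256 tag of message under key."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify(key, message, tag):
    """Return True only if tag is the HMAC-SHA256 of message under key."""
    if not isinstance(tag, (bytes, bytearray)):
        return False  # reject text strings instead of guessing an encoding
    return constant_time_eq(sign(key, message), bytes(tag))


if __name__ == "__main__":
    key = b"constructed-demo-key"        # constructed sample values
    msg = b"amount=100&to=alice"
    tag = sign(key, msg)
    print(verify(key, msg, tag))          # genuine tag
    print(verify(key, msg + b"0", tag))   # tampered message
```

Comparing with == instead would stop at the first differing byte, which is the timing signal the question is trying to avoid.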