path: root/docs/hazmat/primitives/constant-time.rst
blob: 4e00e9b9da8801e38f5259dfb6250bb04e586e31 (plain)
.. hazmat::

Constant time functions
=======================

.. currentmodule:: cryptography.hazmat.primitives.constant_time

In order for cryptographic operations to not leak information through timing
side channels, constant time operations need to be used.

Use these functions whenever you are comparing a secret to something
received. This includes things like HMAC signatures, as described in a
`timing attack on KeyCzar`_.


.. function:: bytes_eq(a, b)

    Compare ``a`` and ``b`` to one another in constant time if they are of the
    same length.

    .. doctest::

        >>> from cryptography.hazmat.primitives import constant_time
        >>> constant_time.bytes_eq(b"foo", b"foo")
        True
        >>> constant_time.bytes_eq(b"foo", b"bar")
        False

    :param bytes a: The left-hand side.
    :param bytes b: The right-hand side.
    :returns bool: ``True`` if ``a`` has the same bytes as ``b``.


.. _`timing attack on KeyCzar`: http://rdist.root.org/2009/05/28/timing-attack-in-google-keyczar-library/