Simon Willison's Weblog: keyczarhttp://simonwillison.net/2010-01-04T15:23:32+00:00Simon WillisonTiming attack in Google Keyczar library2010-01-04T15:23:32+00:002010-01-04T15:23:32+00:00https://simonwillison.net/2010/Jan/4/timing/#atom-tag
<p><strong><a href="http://rdist.root.org/2009/05/28/timing-attack-in-google-keyczar-library/">Timing attack in Google Keyczar library</a></strong></p>
An issue I also need to fix in the proposed Django signing code. If you’re comparing two strings in crypto (e.g. seeing if the provided signature matches the expected signature) you need to use a timing independent string comparison function or you risk leaking information. This kind of thing is exactly why I want an audited signing module in Django rather than leaving developers to figure it out on their own.
<p>Tags: <a href="https://simonwillison.net/tags/cryptography">cryptography</a>, <a href="https://simonwillison.net/tags/django">django</a>, <a href="https://simonwillison.net/tags/keyczar">keyczar</a>, <a href="https://simonwillison.net/tags/python">python</a>, <a href="https://simonwillison.net/tags/security">security</a>, <a href="https://simonwillison.net/tags/signing">signing</a>, <a href="https://simonwillison.net/tags/timing-attack">timing-attack</a></p>
Keyczar2008-08-13T13:20:59+00:002008-08-13T13:20:59+00:00https://simonwillison.net/2008/Aug/13/keyczar/#atom-tag
<p><strong><a href="http://www.keyczar.org/">Keyczar</a></strong></p>
New open source cryptography toolkit from Google, designed to get algorithm selection, key rotation and versioning right so you don’t have to. Java and Python versions are available; the Python version depends on PyCrypto.
<p><small></small>Via <a href="http://www.links.org/?p=374">Ben Laurie</a></small></p>
<p>Tags: <a href="https://simonwillison.net/tags/ben-laurie">ben-laurie</a>, <a href="https://simonwillison.net/tags/encryption">encryption</a>, <a href="https://simonwillison.net/tags/google">google</a>, <a href="https://simonwillison.net/tags/java">java</a>, <a href="https://simonwillison.net/tags/keyczar">keyczar</a>, <a href="https://simonwillison.net/tags/keyrotation">keyrotation</a>, <a href="https://simonwillison.net/tags/pycrypto">pycrypto</a>, <a href="https://simonwillison.net/tags/python">python</a></p>