In the previous chapter, you learned how to ensure data integrity with hash functions. In this chapter, you’ll learn how to ensure data authentication with keyed hash functions. I’ll show you how to safely generate random numbers and passphrases. Along the way, you’ll learn about the os, secrets, random, and hmac modules. Finally, you’ll learn how to resist timing attacks by comparing hash values in length-constant time.
Let’s revisit Alice’s document management system from the previous chapter. The system hashes each new document before storing it. To verify the integrity of a document, the system rehashes it and compares the new hash value to the old hash value. If the hash values don’t match, the document is considered corrupt. If the hash values do match, the document is considered intact.
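The store-then-verify check described above, written out as an added example (not code from the book) and run once with a plain hash and once with a keyed hash. The `DocumentStore` class, its method names, the SHA-256 choice and the sample documents are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


class DocumentStore:
    """Constructed stand-in for Alice's system (names are hypothetical)."""

    def __init__(self, key=None):
        # key=None: plain SHA-256 hash. With a key: HMAC-SHA256, a keyed hash.
        self._key = key
        self._docs = {}    # name -> document bytes
        self._hashes = {}  # name -> hash value recorded at store time

    def _hash(self, document):
        if self._key is None:
            return hashlib.sha256(document).digest()
        return hmac.new(self._key, document, hashlib.sha256).digest()

    def store(self, name, document):
        self._docs[name] = document
        self._hashes[name] = self._hash(document)

    def overwrite(self, name, document, hash_value=None):
        # Changes stored data behind the system's back; hash is kept unless given.
        self._docs[name] = document
        if hash_value is not None:
            self._hashes[name] = hash_value

    def is_intact(self, name):
        # Rehash the stored bytes and compare with the recorded hash value.
        # compare_digest's running time does not depend on where they differ.
        new_hash = self._hash(self._docs[name])
        return hmac.compare_digest(new_hash, self._hashes[name])


def run_checks(key):
    store = DocumentStore(key)
    store.store("contract.txt", b"Alice pays Bob 10 dollars")  # constructed sample
    fresh = store.is_intact("contract.txt")
    store.overwrite("contract.txt", b"Alice pays Bob 99 dollars")
    corrupted = store.is_intact("contract.txt")
    # Document and hash both replaced by a party that does not hold the key.
    forged = b"Alice pays Bob 0 dollars"
    store.overwrite("contract.txt", forged, hashlib.sha256(forged).digest())
    return fresh, corrupted, store.is_intact("contract.txt")


if __name__ == "__main__":
    print("plain:", run_checks(None))
    print("keyed:", run_checks(secrets.token_bytes(32)))
```

Both stores flag a document whose bytes changed while the recorded hash stayed the same. Only the keyed store also flags the case where the document and its hash value were replaced together, because the matching hash value cannot be recomputed without the key.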