3 Keyed hashing
This chapter covers
- Generating a secure key
- Verifying data authentication with keyed hashing
- Cryptographic hashing with the hmac module
- Preventing timing attacks
In the previous chapter, you learned how to ensure data integrity with hash functions. In this chapter, you’ll learn how to ensure data authentication with keyed hash functions. I’ll show you how to safely generate random numbers and passphrases. Along the way, you’ll learn about the os, secrets, random, and hmac modules. Finally, you’ll learn how to identify and resist timing attacks with constant-time hash value comparison.
3.1 Data authentication
Let’s revisit the document management system Alice worked on in the previous chapter. The system hashes each new document before storing it. To verify the integrity of a document, the system hashes it again and compares the new hash value to the old hash value. If the hash values don’t match, the document is considered corrupt. If the hash values do match, the document is considered intact. Alice’s system effectively detects accidental data corruption, but it is less than perfect.
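The store-and-verify check described above, next to the keyed variant this chapter covers, as an added example that is not code from the book. The function names, the choice of SHA-256, the 32-byte key length, and the sample documents are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


def fingerprint(document: bytes) -> str:
    """Unkeyed hash of a document (SHA-256 is an assumption, not named in the text)."""
    return hashlib.sha256(document).hexdigest()


def is_intact(document: bytes, stored_hash: str) -> bool:
    """Re-hash the document and compare it to the stored value in constant time."""
    return hmac.compare_digest(fingerprint(document), stored_hash)


def generate_key() -> bytes:
    """Random 32-byte key from the operating system's secure source."""
    return secrets.token_bytes(32)


def tag(key: bytes, document: bytes) -> str:
    """Keyed hash (HMAC-SHA256): only a holder of the key can produce it."""
    return hmac.new(key, document, hashlib.sha256).hexdigest()


def is_authentic(key: bytes, document: bytes, stored_tag: str) -> bool:
    """Recompute the keyed hash and compare it in constant time."""
    return hmac.compare_digest(tag(key, document), stored_tag)


def demo() -> dict:
    original = b"Quarterly report, final"   # constructed sample documents
    corrupted = b"Quarterly rep0rt, final"
    replaced = b"Quarterly report, altered"
    key = generate_key()
    stored_hash, stored_tag = fingerprint(original), tag(key, original)
    # A tag computed under some other key stands in for a writer without the real key.
    foreign_tag = tag(generate_key(), replaced)
    return {
        "hash_detects_corruption": not is_intact(corrupted, stored_hash),
        # An unkeyed hash can be recomputed by anyone who can write the record.
        "hash_accepts_rehashed_replacement": is_intact(replaced, fingerprint(replaced)),
        "tag_accepts_original": is_authentic(key, original, stored_tag),
        "tag_rejects_replacement": not is_authentic(key, replaced, foreign_tag),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```
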