3 Keyed hashing
This chapter covers
- Generating a secure key
- Verifying data authentication with keyed hashing
- Cryptographic hashing with the hmac module
- Preventing timing attacks
In the previous chapter you learned how to ensure data integrity with hash functions. In this chapter you’ll learn how to ensure data authentication with keyed hash functions. I’ll show you how to safely generate random numbers and passphrases. Along the way you’ll learn about the os, secrets, random and hmac modules. Finally, you’ll learn how to resist timing attacks by comparing hash values in length-constant time.
3.1 Data authentication
Let’s revisit Alice’s document management system from the previous chapter. The system hashes each new document before storing it. To verify the integrity of a document, the system rehashes it and compares the new hash value to the old hash value. If the hash values don’t match, the document is considered corrupt. If the hash values do match, the document is considered intact.
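The store-and-verify check described above, as an added example that is not code from the book: without a key it rehashes with SHA-256, and with a key it goes one step further into this chapter's topic by using the hmac module and a constant-time comparison. The DocumentStore class, its method names and the sample documents are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets


class DocumentStore:
    """Hypothetical store: keeps each document beside its hash value."""

    def __init__(self, key=None):
        self.key = key        # None: plain SHA-256; bytes: HMAC-SHA256
        self.records = {}     # name -> (document bytes, stored hash value)

    def _hash(self, document):
        if self.key is None:
            return hashlib.sha256(document).digest()
        return hmac.new(self.key, document, hashlib.sha256).digest()

    def store(self, name, document):
        self.records[name] = (document, self._hash(document))

    def verify(self, name):
        document, stored = self.records[name]
        # compare_digest does not return early at the first differing byte.
        return hmac.compare_digest(self._hash(document), stored)


def demo():
    original = b"Pay Bob 100 dollars"   # constructed sample documents
    altered = b"Pay Bob 900 dollars"

    plain = DocumentStore()
    plain.store("invoice", original)
    intact = plain.verify("invoice")
    # Corruption: the document changes, the stored hash value does not.
    plain.records["invoice"] = (altered, plain.records["invoice"][1])
    corruption_detected = not plain.verify("invoice")
    # Replacement: both fields are rewritten; SHA-256 needs no secret.
    plain.records["invoice"] = (altered, hashlib.sha256(altered).digest())
    plain_accepts = plain.verify("invoice")

    # Same replacement against a keyed store; the writer lacks the key.
    keyed = DocumentStore(key=secrets.token_bytes(32))
    keyed.store("invoice", original)
    keyed.records["invoice"] = (altered, hashlib.sha256(altered).digest())
    keyed_accepts = keyed.verify("invoice")
    return intact, corruption_detected, plain_accepts, keyed_accepts


if __name__ == "__main__":
    print(demo())
```

The plain hash catches corruption but cannot tell who produced a matching hash value; the keyed hash rejects a record whose hash value was computed without the key.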