On 12:21 am, marc at gsites.de wrote:
>Am 04.11.2010 17:15, schrieb anatoly techtonik:
> > pickle is insecure, marshal too.
>
>If the transport or storage layer is not save, you should
>cryptographically sign the data anyway::
>
> def pickle_encode(data, key):
> msg = base64.b64encode(pickle.dumps(data, -1))
> sig = base64.b64encode(hmac.new(key, msg).digest())
> return sig + ':' + msg
>
> def pickle_decode(data, key):
> if data and ':' in data:
> sig, msg = data.split(':', 1)
> if sig == base64.b64encode(hmac.new(key, msg).digest()):
> return pickle.loads(base64.b64decode(msg))
> raise pickle.UnpicklingError("Wrong or missing signature.")
>
>Bottle (a web framework) uses a similar approach to store non-string
>data in client-side cookies. I don't see a (security) problem here.
Your pickle_decode leaks information about the key. An attacker will
eventually (a few seconds to a few minutes, depending on how they have
access to this system) be able to determine your key and send you
arbitrary pickles (ie, execute arbitrary code on your system).
Oops.
This stuff is hard. If you're going to mess around with it, make sure
you're *serious* (better approach: don't mess around with it).
Jean-Paul
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4