gh-61460: Stronger HMAC in multiprocessing #20380
Conversation
Signed-off-by: Christian Heimes <christian@python.org>
tiran
force-pushed
the
bpo17258-multiproc-md5
branch
from
f4d7007 to
c7f7680
Compare
|
I'm just wondering here, but is this still waiting for reviews before it can be merged? |
There was a problem hiding this comment.
Why jump through all the hoops to specify the digest in the protocol? Don't we always control both ends of the connection so there should never be a situation where negotiation and understanding of what was used is needed?
That'd be a lot less complicated.
And not prone to the potential problem this has of always stooping to the lowest level decided upon out by the challenge initiator rather than requiring a specific hash to be used on the channel.
Misc/NEWS.d/next/Library/2020-05-25-12-42-36.bpo-17258.lf2554.rst
Outdated
Show resolved
Hide resolved
The protocol modification idea remains, but we now take advantage of the message length as an indicator of legacy vs modern protocol version. No more regular expression usage. We now default to HMAC-SHA256, but do so in a way that will be compatible when communicating with older clients or older servers. No protocol transition period is needed. More unittests to verify these claims remain true are required.
gpshead
changed the title
✅ Deploy Preview for python-cpython-preview ready!
To edit notification comments on pull requests, go to your Netlify site settings. |
|
merged, we'll see how this goes during the betas! |
|
Given this is backwards and forwards compatible, and doesn't change default connectivity methods, has it been considered for backports to earlier python versions? as it would increase overlap as to which servers can interoperate, thus allowing to eventually change the default organically as md5 drops off in availability on the most modern servers/OSes. |
|
There's no appetite to do it (see my comment on the original issue, this is a feature, not a bugfix, and not a security fix 3.11 and earlier are security fix only now). People who think they need this are better off upgrading to 3.12. (the default does change in this PR FWIW, but if someone were backporting it into their own old runtime they could consider making |
bpo-17258: `multiprocessing` now supports stronger HMAC algorithms for inter-process connection authentication rather than only HMAC-MD5. Signed-off-by: Christian Heimes <christian@python.org> gpshead: I Reworked to be more robust while keeping the idea. The protocol modification idea remains, but we now take advantage of the message length as an indicator of legacy vs modern protocol version. No more regular expression usage. We now default to HMAC-SHA256, but do so in a way that will be compatible when communicating with older clients or older servers. No protocol transition period is needed. More integration tests to verify these claims remain true are required. I'm unaware of anyone depending on multiprocessing connections between different Python versions. --------- (cherry picked from commit 3ed57e4) Co-authored-by: Christian Heimes <christian@python.org> Signed-off-by: Christian Heimes <christian@python.org> Co-authored-by: Gregory P. Smith [Google] <greg@krypto.org>
bpo-17258: `multiprocessing` now supports stronger HMAC algorithms for inter-process connection authentication rather than only HMAC-MD5. Signed-off-by: Christian Heimes <christian@python.org> gpshead: I Reworked to be more robust while keeping the idea. The protocol modification idea remains, but we now take advantage of the message length as an indicator of legacy vs modern protocol version. No more regular expression usage. We now default to HMAC-SHA256, but do so in a way that will be compatible when communicating with older clients or older servers. No protocol transition period is needed. More integration tests to verify these claims remain true are required. I'm unaware of anyone depending on multiprocessing connections between different Python versions. --------- (cherry picked from commit 3ed57e4) Co-authored-by: Christian Heimes <christian@python.org> Signed-off-by: Christian Heimes <christian@python.org> Co-authored-by: Gregory P. Smith [Google] <greg@krypto.org>
[3.10] pythongh-61460: Stronger HMAC in multiprocessing (pythonGH-20380)
See also #61460
Signed-off-by: Christian Heimes christian@python.org
#61460 formerly known as https://bugs.python.org/issue17258