Create UnSafeComparisonOfHash.py

2025-12-18 18:10:39 +01:00 · 2022-08-04 12:28:46 +01:00
parent 9c0a71d880
commit e28cf7ebe2
1 changed files with 17 additions and 0 deletions
--- a/python/ql/src/experimental/Security/CWE-208/UnSafeComparisonOfHash.py
+++ b/python/ql/src/experimental/Security/CWE-208/UnSafeComparisonOfHash.py
@@ -0,0 +1,17 @@
+#!/usr/bin/env python
+# -*- coding: UTF-8 -*-
+
+"""
+@Desc   ：timing attack Against Hash
+"""
+import hmac
+import hashlib
+
+key = "e179017a-62b0-4996-8a38-e91aa9f1"
+msg = "Test"
+
+def sign(pre_key, imsg, alg):
+    return hmac.new(pre_key, imsg, alg).digest()
+
+def verify(msg, sig):
+    return sig == sign(key, msg, hashlib.sha256) #bad