Dictionary Attack in Django with Hmac Signatures

A Dictionary Attack against Django APIs that rely on HMAC Signatures for request authentication can occur when an attacker iterates over a list of likely secrets to forge valid signatures. HMAC-based authentication typically works by having the client compute a signature (e.g., HMAC-SHA256) of a canonical string that includes a timestamp, a nonce or request identifier, and possibly the payload, using a shared secret as the key. The server recomputes the signature using the same method and the stored shared secret, then compares the two signatures in constant time. If an attacker can obtain a valid signature for at least one request, they may attempt a dictionary attack by guessing the shared secret and checking whether the guessed secret reproduces the observed signature.

The vulnerability surface arises when the implementation does not adequately protect the shared secret and does not enforce strict request constraints. In Django, common mistakes include:

• Using a low-entropy secret (e.g., hardcoded strings, short keys) that is feasible to brute-force from observed signatures.
• Accepting requests with reused nonces or missing nonce/timestamp validation, which enables replay and offline verification.
• Performing signature comparison in a way vulnerable to timing attacks, allowing attackers to learn partial information about the correct secret.
• Exposing endpoints that sign predictable data without binding contextual elements such as the HTTP method, path, and selected headers, making signatures transferable across requests.

Consider a Django view that expects an X-API-Signature header containing HMAC-SHA256(salt + timestamp + nonce + body) computed with a shared secret. If the server does not enforce strict one-time use of nonces and does not validate timestamps tightly, an attacker who captures a valid signature can iterate over a dictionary of candidate secrets, recompute the HMAC for the captured data, and compare it against the observed signature. Successful matches reveal the secret. This risk is compounded if the signature scheme does not include the request method and path, allowing an attacker to reuse a forged signature on a different endpoint if the canonical string construction is not carefully designed.

Additionally, if the secret is stored in settings as a plain string and accidentally exposed through logs, error messages, or source code repositories, the dictionary attack becomes significantly easier. Automated tools can correlate public API endpoints with leaked signature examples, making offline brute-force practical. Even when the server enforces HTTPS, the integrity of the HMAC scheme depends on keeping the shared secret confidential; a leaked secret allows an attacker to impersonate any client.

To detect such issues, scans evaluate whether the API requires strong, high-entropy secrets, binds the signature to request metadata (method, path, headers), enforces strict nonce and timestamp windows, and uses constant-time comparison. Without these controls, a dictionary attack against HMAC signatures becomes a realistic threat, especially when weak secrets are in play.

Remediation focuses on secret management, canonical request construction, and safe comparison. Use a high-entropy secret stored securely (e.g., environment variables or a secrets manager), bind the signature to the HTTP method, path, selected headers, timestamp, and nonce, and enforce tight validation windows. Always compare signatures using constant-time functions to prevent timing attacks.

Example: Secure HMAC-SHA256 request signing in Django

import hmac
import hashlib
import time
import secrets
from typing import Optional
from django.http import HttpRequest, HttpResponse
from django.conf import settings

# Generate a high-entropy secret and store it safely, e.g.:
# SECRET_KEY = os.environ.get('HMAC_SHARED_SECRET')  # 32+ random bytes base64-encoded
# In settings, ensure it's loaded securely:
# HMAC_SHARED_SECRET = getattr(settings, 'HMAC_SHARED_SECRET')

def generate_canonical_string(
    method: str,
    path: str,
    headers: dict,
    timestamp: str,
    nonce: str,
    body: bytes
) -> str:
    """
    Canonical string binds method, path, selected headers, timestamp, nonce, and body.
    Keep this deterministic on both client and server.
    """
    # Example: include specific headers to prevent signature migration across endpoints
    included_headers = sorted([headers.get('x-request-id', ''), headers.get('content-type', '')])
    header_block = '|'.join(included_headers)
    return f'{method}|{path}|{header_block}|{timestamp}|{nonce}|{body.hex()}'

def compute_signature(secret: bytes, canonical: str) -> str:
    mac = hmac.new(secret, canonical.encode('utf-8'), hashlib.sha256)
    return mac.hexdigest()

def verify_hmac_signature(request: HttpRequest) -> Optional[bool]:
    """
    Verify HMAC signature with replay and timing protections.
    Returns True if valid, False if invalid, None if insufficient data.
    """
    signature = request.META.get('HTTP_X_API_SIGNATURE')
    timestamp = request.META.get('HTTP_X_TIMESTAMP')
    nonce = request.META.get('HTTP_X_NONCE')
    if not signature or not timestamp or not nonce:
        return None

    # Enforce a tight timestamp window (e.g., 5 minutes) to prevent replay
    try:
        req_timestamp = int(timestamp)
    except ValueError:
        return False
    now = int(time.time())
    if abs(now - req_timestamp) > 300:
        return False

    # Ensure nonce has not been used before (store recent nonces in cache/db)
    # Example placeholder:
    # if cache.get(f'nonce:{nonce}'):
    #     return False
    # cache.set(f'nonce:{nonce}', True, timeout=600)

    method = request.method
    path = request.path
    headers = {
        'x-request-id': request.META.get('HTTP_X_REQUEST_ID', ''),
        'content-type': request.META.get('CONTENT_TYPE', ''),
    }
    body = request.body
    canonical = generate_canonical_string(method, path, headers, timestamp, nonce, body)
    expected = compute_signature(settings.HMAC_SHARED_SECRET.encode('utf-8'), canonical)

    # Use hmac.compare_digest for constant-time comparison
    if not hmac.compare_digest(expected, signature):
        return False

    # Mark nonce as used here (pseudo)
    # cache.set(f'nonce:{nonce}', True, timeout=600)
    return True

def my_protected_view(request):
    result = verify_hmac_signature(request)
    if result is None:
        return HttpResponse('Missing signature fields', status=400)
    if result is False:
        return HttpResponse('Invalid signature', status=403)
    # Proceed with authenticated logic
    return HttpResponse('OK')

Key remediation practices

• High-entropy secret: Use a long, random secret stored outside source code (e.g., environment variable or secrets manager).
• Canonical binding: Include HTTP method, path, selected headers, timestamp, nonce, and body in the signed string to prevent cross-endpoint reuse.
• Nonce and timestamp validation: Reject reused nonces and enforce a tight timestamp window (for example, ±5 minutes).
• Constant-time comparison: Use hmac.compare_digest to avoid timing leaks.
• Secure storage and rotation: Rotate secrets periodically and avoid logging the shared secret.

By combining these practices, Django services can mitigate dictionary attacks against HMAC signatures while maintaining compatibility with standard HMAC-based authentication patterns.