[issue15061] hmac.secure_compare() leaks information about length of strings
Antoine Pitrou
report at bugs.python.org
Fri Jun 15 12:31:57 CEST 2012
Antoine Pitrou <pitrou at free.fr> added the comment:
> I could wrap up a quick C implementation if you like. The operator
> module is a better place for a total_compare() function. Do you a
> agree?
I think the function is fine in either hashlib or hmac. Putting it in
one of these modules is a hint that it's security-related. On the other
hand, linking to it from these modules' documentations is just as fine,
if it is put in the operator module.
If you make a C implementation, it could also be interesting to cover
the pure-ASCII unicode case.
----------
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue15061>
_______________________________________
More information about the Python-bugs-list
mailing list