[issue15061] hmac.secure_compare() leaks information about length of strings

Maciej Fijalkowski report at bugs.python.org
Thu Jun 14 12:13:48 CEST 2012


Maciej Fijalkowski <fijall at gmail.com> added the comment:

Antoine, seriously? You want to explore a function that's called "secure" when the only thing you know about it is "probably secure"? This is extremely tricky business and I think it should be called secure only if you can prove it's secure. Otherwise it's plain insecure and should not be named that.

----------

_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue15061>
_______________________________________

