[issue14955] hmac.secure_compare() is not time-independent for unicode strings
Antoine Pitrou
report at bugs.python.org
Thu Jun 14 13:01:50 CEST 2012
Antoine Pitrou <pitrou at free.fr> added the comment:
With PEP 393 unicode objects can have several representations, which makes it unlikely that *really* constant-timing functions can be devised.
However, a C version could provide some guarantees, by raising an error if the passed unicode strings use a different representation from each other.
----------
nosy: +pitrou
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue14955>
_______________________________________
More information about the Python-bugs-list
mailing list