[issue15061] hmac.secure_compare() leaks information about length of strings
Martin v. Löwis
report at bugs.python.org
Fri Jun 15 10:03:29 CEST 2012
Martin v. Löwis <martin at v.loewis.de> added the comment:
> Is comparing passwords against a secure one not useful?
I claim that this use case doesn't occur in practice. Everybody uses
hashed passwords. If they do compare against a plain-text password,
and they want to change something about it, they should switch to
hashed passwords.
----------
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue15061>
_______________________________________
More information about the Python-bugs-list
mailing list