[issue15061] hmac.secure_compare() leaks information about length of strings

[Antoine Pitrou]

Antoine Pitrou <pitrou at free.fr> added the comment:

I'm not really happy with the addition of a separate extension module for a single private function. You could just put it in the operator module, for instance.

Also, the idea was not to expose timingsafe_cmp but to use it in compare_digest().

----------

_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue15061>
_______________________________________