New submission from Christian Heimes <li...@cheimes.de>:

The secure_compare() function immediately returns False when both strings don't 
have equal length. With the patch the run time of secure_compare() always 
depends on the length of the right side. It no longer gives away information 
about the length of the left side.

The patch should be applied in combination with the patch in issue #14955.

----------
components: IO
files: secure_compare_length.patch
keywords: needs review, patch
messages: 162739
nosy: christian.heimes
priority: normal
severity: normal
stage: patch review
status: open
title: hmac.secure_compare() leaks information of length of strings
type: behavior
versions: Python 3.4
Added file: http://bugs.python.org/file26003/secure_compare_length.patch

_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue15061>
_______________________________________
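
Added example, not part of the original message and not the attached patch: the early-return behaviour described in the report next to a comparison whose loop count depends only on the right-hand argument. The function names, SECRET and the use of loop iterations as a stand-in for run time are assumptions made for illustration.

```python
SECRET = b"constructed-secret-tag"  # constructed sample value, 22 bytes


def compare_early_exit(a, b):
    """Behaviour the report describes: return at once on a length mismatch.

    Returns (equal, loop_iterations).
    """
    if len(a) != len(b):
        return False, 0
    result = 0
    steps = 0
    for x, y in zip(a, b):
        result |= x ^ y
        steps += 1
    return result == 0, steps


def compare_right_length(a, b):
    """Illustrative variant: the loop always runs len(b) times.

    The length mismatch is folded into the accumulator instead of
    triggering an early return. This shows the loop structure only;
    pure Python gives no constant-time guarantee.
    """
    result = len(a) ^ len(b)
    steps = 0
    left = a if a else b  # empty left side: give the loop something to index
    for i in range(len(b)):
        result |= left[i % len(left)] ^ b[i]
        steps += 1
    return result == 0, steps


def work_profile(compare, secret, lengths):
    """Loop iterations spent per guess length, with the secret on the left."""
    return {n: compare(secret, b"A" * n)[1] for n in lengths}


if __name__ == "__main__":
    lengths = range(20, 25)
    # Early exit: only the guess whose length matches the secret does any work.
    print(work_profile(compare_early_exit, SECRET, lengths))
    # Right-length variant: work tracks the guess length, not the secret's.
    print(work_profile(compare_right_length, SECRET, lengths))
```

In the first profile the single non-zero entry marks the length of the left side; in the second every entry equals the length of the right side. In current Python the standard-library comparison function for digests is hmac.compare_digest().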