New submission from Christian Heimes <li...@cheimes.de>: The secure_compare() function immediately returns False when both strings don't have equal length. With the patch the run time of secure_compare() always depends on the length of the right side. It no longer gives away information about the length of the left side.
The patch should be applied in combination with the patch in issue #14955. ---------- components: IO files: secure_compare_length.patch keywords: needs review, patch messages: 162739 nosy: christian.heimes priority: normal severity: normal stage: patch review status: open title: hmac.secure_compare() leaks information of length of strings type: behavior versions: Python 3.4 Added file: http://bugs.python.org/file26003/secure_compare_length.patch _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue15061> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com