Antoine Pitrou <pit...@free.fr> added the comment: > I don’t want to be the killjoy but I find it highly questionable to > add a function that is advertised as "secure" while we can't fully > grok the complexities at play. If we can't produce a provable secure > one, we should scrub the function for good; or at least rename it > somehow.
The function is probably secure (modulo unseen bugs) in the bytestrings-of-the-same-size case. To make it "provably" secure, we could write a C version (which would be quite easy). For unicode strings things are a bit trickier though. Again, a C version could provide some guarantees (and could raise an error if the passed unicode strings use a different representation from each other). ---------- title: hmac.secure_compare() leaks information about length of strings -> hmac.secure_compare() leaks information about length of strings _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue15061> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
