Nick Coghlan <ncogh...@gmail.com> added the comment: As a first step, I'm going to make a change to:
1. Rename the function to "compare_digest" 2. Remove the support for comparing strings 3. Update the documentation to be much clearer about its limitations (including why it's considered OK to leak the expected length of the digest) If a C implemented operator.total_compare is made available, then hmac.compare_digest could be updated to use it (retaining the length shortcircuiting behaviour) ---------- _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue15061> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
