Antoine Pitrou <pit...@free.fr> added the comment:
> > > - I only handle exact byte or unicode types (no subclasses) since a
> > > user may have overwritten __eq__ and I don't want to special case it.
> > We could handle all bytes-compatible objects, using the buffer API.
>
> It is timing unsafe.
How so?
> > > - The unicode path works only with compact ASCII strings. I'm not
> > > familiar with the new API so please scream if I did it wrong.
> > It looks ok to me.
>
> The user can just do timingsafe_eq(a.decode('ascii'),
> b.decode('ascii')).
I don't think that's the right answer, because people will instead e.g.
encode('utf-8'), and suddently the encodingly will not be timing-safe.
----------
_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue15061>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
Unsubscribe:
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
