
Author christian.heimes
Recipients christian.heimes, fijall, hynek, loewis, ncoghlan, petri.lehtinen, pitrou
Date 2012-06-15.10:00:20
Message-id <1339754422.02.0.747287512063.issue15061@psf.upfronthosting.co.za>
In-reply-to
Content
Oh dear god, what have I done ... I threw a small stone and caused a major landslide. :)

I'm all with Nick on this topic. A correctly named and documented function provides a tool to users that greatly reduces the chance of a side channel attack. It's all about teaching good practice. I also agree that we must neither call it 'secure' nor document it as 'secure'. I believe the correct term is 'hardened against timing analysis and side channel attacks'.

I could wrap up a quick C implementation if you like. The operator module is a better place for a total_compare() function. Do you agree?

I recommend that you read/watch Geremy Condra's PyCon talk "Through the Side Channel: Timing and Implementation Attacks in Python". The slides contain timing analysis diagrams.
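The difference between an ordinary comparison and one hardened against timing analysis, as an added example that is not part of the original message or of CPython's code: it counts bytes examined instead of measuring time, so the data-dependent work is visible deterministically. The function names and the sample value are assumptions made for illustration; `hmac.compare_digest` is the standard-library function (Python 3.3+).

```python
from __future__ import annotations
import hmac

def early_exit_equal(a: bytes, b: bytes) -> tuple[bool, int]:
    """Ordinary comparison. Returns (equal, bytes examined)."""
    if len(a) != len(b):
        return False, 0
    examined = 0
    for x, y in zip(a, b):
        examined += 1
        if x != y:
            # Stops at the first mismatch: the work done depends on how
            # much of the secret the other input got right.
            return False, examined
    return True, examined

def hardened_equal(a: bytes, b: bytes) -> tuple[bool, int]:
    """Examines every byte wherever the mismatch is. Returns (equal, bytes examined)."""
    if len(a) != len(b):
        return False, 0  # assumption: the length is not secret
    diff = 0
    examined = 0
    for x, y in zip(a, b):
        examined += 1
        diff |= x ^ y  # accumulate differences, never branch on them
    return diff == 0, examined

def work_profile(compare, secret: bytes) -> list[int]:
    """Bytes examined when the other input matches the first 0..len(secret) bytes."""
    profile = []
    for k in range(len(secret) + 1):
        # Keep the first k bytes, flip every bit of the rest so they all differ.
        other = secret[:k] + bytes(b ^ 0xFF for b in secret[k:])
        profile.append(compare(secret, other)[1])
    return profile

# A pure-Python loop only removes the early exit; the interpreter gives no
# constant-time guarantee, so production code should call the C-level
# standard-library function instead.
stdlib_equal = hmac.compare_digest

SECRET = b"constructed-tag!"  # constructed sample value, 16 bytes

if __name__ == "__main__":
    print("early exit:", work_profile(early_exit_equal, SECRET))
    print("hardened:  ", work_profile(hardened_equal, SECRET))
```

The early-exit profile rises with the length of the matching prefix, while the hardened profile is flat.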