This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author pitrou
Recipients Jon.Oberheide, alex, christian.heimes, fijall, georg.brandl, hynek, loewis, ncoghlan, petri.lehtinen, pitrou, python-dev, serhiy.storchaka
Date 2012-06-21.21:45:29
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1340314923.3400.0.camel@localhost.localdomain>
In-reply-to <1340312157.2703.17.camel@raxxla>
Content 
> > > - I only handle exact byte or unicode types (no subclasses) since a
> > > user may have overwritten __eq__ and I don't want to special case it.
> > We could handle all bytes-compatible objects, using the buffer API.
> 
> It is timing unsafe.

How so?

> > > - The unicode path works only with compact ASCII strings. I'm not
> > > familiar with the new API so please scream if I did it wrong.
> > It looks ok to me.
> 
> The user can just do timingsafe_eq(a.decode('ascii'),
> b.decode('ascii')).

I don't think that's the right answer, because people will instead e.g.
encode('utf-8'), and suddently the encodingly will not be timing-safe.
History
Date User Action Args
2012-06-21 21:45:31pitrousetrecipients: + pitrou, loewis, georg.brandl, ncoghlan, christian.heimes, alex, fijall, python-dev, petri.lehtinen, hynek, serhiy.storchaka, Jon.Oberheide
2012-06-21 21:45:30pitroulinkissue15061 messages
2012-06-21 21:45:29pitroucreate