Message 162766 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	pitrou
Recipients	arigo, christian.heimes, fijall, hynek, pitrou
Date	2012-06-14.10:10:18
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1339668436.3355.2.camel@localhost.localdomain>
In-reply-to	<1339668167.56.0.337598586431.issue15061@psf.upfronthosting.co.za>

Content
> I don’t want to be the killjoy but I find it highly questionable to > add a function that is advertised as "secure" while we can't fully > grok the complexities at play. If we can't produce a provable secure > one, we should scrub the function for good; or at least rename it > somehow. The function is probably secure (modulo unseen bugs) in the bytestrings-of-the-same-size case. To make it "provably" secure, we could write a C version (which would be quite easy). For unicode strings things are a bit trickier though. Again, a C version could provide some guarantees (and could raise an error if the passed unicode strings use a different representation from each other).

> I don’t want to be the killjoy but I find it highly questionable to
> add a function that is advertised as "secure" while we can't fully
> grok the complexities at play. If we can't produce a provable secure
> one, we should scrub the function for good; or at least rename it
> somehow.

The function is probably secure (modulo unseen bugs) in the
bytestrings-of-the-same-size case. To make it "provably" secure, we
could write a C version (which would be quite easy).

For unicode strings things are a bit trickier though. Again, a C version
could provide some guarantees (and could raise an error if the passed
unicode strings use a different representation from each other).

History
Date	User	Action	Args
2012-06-14 10:10:19	pitrou	set	recipients: + pitrou, arigo, christian.heimes, fijall, hynek
2012-06-14 10:10:19	pitrou	link	issue15061 messages
2012-06-14 10:10:18	pitrou	create