This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author loewis
Recipients arigo, christian.heimes, fijall, hynek, loewis, ncoghlan, pitrou
Date 2012-06-15.06:37:43
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <4FDAD835.4040003@v.loewis.de>
In-reply-to <1339724244.24.0.948516476868.issue15061@psf.upfronthosting.co.za>
Content
> Being able to tell people "using hmac.total_compare will make you
> less vulnerable to timing attacks than using ordinary short
> circuiting comparisons" is a *good thing*.

No, it's not. It's a *bad thing*. The two issues that have been
opened since the function was first submitted indicate that people
will keep inspecting the code and find out that it's not
time-independent. If they had been relying on that it is, they will
be upset. Since it's inherently impossible to make the function
time-independent, people will be constantly annoyed about this function.
I can't find anything good in that.

If nobody else does, I'll revert the addition before the beta. Note
that there is no *actual* issue that is being resolved by this function;
it was added only because of its cuteness value.
History
Date User Action Args
2012-06-15 06:37:44loewissetrecipients: + loewis, arigo, ncoghlan, pitrou, christian.heimes, fijall, hynek
2012-06-15 06:37:43loewislinkissue15061 messages
2012-06-15 06:37:43loewiscreate