This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author hynek
Recipients arigo, christian.heimes, fijall, hynek, loewis, ncoghlan, pitrou
Date 2012-06-15.07:08:32
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <F432E3FD-4D58-4535-90B9-A3B6C4B978E5@ox.cx>
In-reply-to <4FDAD8DC.8020106@v.loewis.de>
Content
>> Why not write a C function which can be more secure than Python code?
> For Unicode strings, it's impossible to write a time-independent
> comparison function even in C

Really? Some comments sounded different. That's too bad but also what I suspected in the first place – it seems to complex.

However, this function seems only useful to bytes anyway so why not strip it down if it _is_ possible with bytes? Am I missing something?

>> I would argue that would be an general asset for the stdlib
> I would argue that it's not. No actual use case for this function
> has been demonstrated so far.

Well, one example: https://github.com/mitsuhiko/python-pbkdf2/blob/master/pbkdf2.py and any other place that compares passwords, tokens, …
History
Date User Action Args
2012-06-15 07:08:33hyneksetrecipients: + hynek, loewis, arigo, ncoghlan, pitrou, christian.heimes, fijall
2012-06-15 07:08:32hyneklinkissue15061 messages
2012-06-15 07:08:32hynekcreate