Message162850
>> Why not write a C function which can be more secure than Python code?
> For Unicode strings, it's impossible to write a time-independent
> comparison function even in C
Really? Some comments sounded different. That's too bad but also what I suspected in the first place – it seems too complex.
However, this function seems only useful to bytes anyway so why not strip it down if it _is_ possible with bytes? Am I missing something?
>> I would argue that would be a general asset for the stdlib
> I would argue that it's not. No actual use case for this function
> has been demonstrated so far.
Well, one example: https://github.com/mitsuhiko/python-pbkdf2/blob/master/pbkdf2.py and any other place that compares passwords, tokens, …

Date | User | Action | Args
2012-06-15 07:08:33 | hynek | set | recipients: + hynek, loewis, arigo, ncoghlan, pitrou, christian.heimes, fijall
2012-06-15 07:08:32 | hynek | link | issue15061 messages
2012-06-15 07:08:32 | hynek | create |
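
An added example, not part of the original message or of any project's code: a bytes-only comparison that refuses Unicode `str` and inspects every byte, next to a token check that uses the standard library's `hmac.compare_digest` (Python 3.3+). The key, message and function names are constructed for illustration.

```python
import hashlib
import hmac


def bytes_eq(a, b):
    """Bytes-only comparison with no early exit on the first mismatch.

    Unicode str is refused, mirroring the bytes-only restriction discussed
    in the message. Pure Python cannot guarantee constant time; this only
    shows the shape of the algorithm.
    """
    if not isinstance(a, (bytes, bytearray)) or not isinstance(b, (bytes, bytearray)):
        raise TypeError("bytes-only comparison; encode or hash str inputs first")
    if len(a) != len(b):
        return False  # the length is not treated as secret here
    diff = 0
    for x, y in zip(a, b):
        diff |= x ^ y  # accumulate differences across the whole input
    return diff == 0


def verify_token(key, message, presented_tag):
    """Recompute an HMAC-SHA256 tag and compare it with the stdlib primitive."""
    expected = hmac.new(key, message, hashlib.sha256).digest()
    return hmac.compare_digest(expected, presented_tag)


# Constructed sample values (not from the page)
KEY = b"constructed-demo-key"
MSG = b"user=alice;exp=1700000000"
GOOD_TAG = hmac.new(KEY, MSG, hashlib.sha256).digest()
BAD_TAG = bytes([GOOD_TAG[0] ^ 1]) + GOOD_TAG[1:]  # first byte flipped

if __name__ == "__main__":
    print("valid tag accepted:", verify_token(KEY, MSG, GOOD_TAG))
    print("forged tag accepted:", verify_token(KEY, MSG, BAD_TAG))
    print("bytes_eq agrees:", bytes_eq(GOOD_TAG, BAD_TAG) == verify_token(KEY, MSG, BAD_TAG))
```

Comparing fixed-length digests rather than raw passwords or tokens keeps the length check from revealing anything about the secret.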