This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author ncoghlan
Recipients christian.heimes, fijall, hynek, loewis, ncoghlan, petri.lehtinen, pitrou
Date 2012-06-15.10:52:36
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1339757556.89.0.400384454931.issue15061@psf.upfronthosting.co.za>
In-reply-to
Content
As a first step, I'm going to make a change to:

1. Rename the function to "compare_digest"
2. Remove the support for comparing strings
3. Update the documentation to be much clearer about its limitations (including why it's considered OK to leak the expected length of the digest)

If a C implemented operator.total_compare is made available, then hmac.compare_digest could be updated to use it (retaining the length shortcircuiting behaviour)
History
Date User Action Args
2012-06-15 10:52:36ncoghlansetrecipients: + ncoghlan, loewis, pitrou, christian.heimes, fijall, petri.lehtinen, hynek
2012-06-15 10:52:36ncoghlansetmessageid: <1339757556.89.0.400384454931.issue15061@psf.upfronthosting.co.za>
2012-06-15 10:52:36ncoghlanlinkissue15061 messages
2012-06-15 10:52:36ncoghlancreate