Author Jon.Oberheide
Recipients Jon.Oberheide, christian.heimes, fijall, hynek, loewis, ncoghlan, petri.lehtinen, pitrou, python-dev
Date 2012-06-16.03:16:28
Message-id <1339816589.81.0.485383642579.issue15061@psf.upfronthosting.co.za>
Content
On a side note, it may be useful to follow the conventions that already exist in OpenBSD for their timingsafe_bcmp(3):

http://www.rootr.net/man/man/timingsafe_bcmp/3

"timingsafe" may be a more reasonable naming convention that is a bit less strong than "secure", which may be more appropriate.

Also, the implementation does leak the length of the string (well, actually you provide the length "n", but in real-world usage "n" is the static length of the expected input):

ftp://ftp.fr.openbsd.org/pub/OpenBSD/src/lib/libc/string/timingsafe_bcmp.c
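
The point about "n" being the static length of the expected input, as an added example that is not part of the original message and is neither OpenBSD's source nor code from this issue. The names `ts_bcmp`, `naive_bcmp`, `steps_for_mismatch_at`, `verify_tag`, `TAG_LEN` and the sample tag are assumptions made for illustration; the `steps` counter is a stand-in for running time.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define TAG_LEN 16 /* assumption: fixed, public length of the expected tag */
/* Constructed sample tag (15 characters plus NUL), not a real MAC. */
static const unsigned char EXPECTED[TAG_LEN] = "constructed-tag";

/* Early-exit compare (memcmp-like): work depends on where the inputs differ. */
static int naive_bcmp(const unsigned char *a, const unsigned char *b, size_t n, size_t *steps) {
    for (size_t i = 0; i < n; i++)
        if (a[i] != b[i]) { *steps = i + 1; return 1; }
    *steps = n;
    return 0;
}

/* XOR-accumulate compare: examines all n bytes wherever they differ. */
static int ts_bcmp(const unsigned char *a, const unsigned char *b, size_t n, size_t *steps) {
    unsigned char diff = 0;
    size_t i;
    for (i = 0; i < n; i++)
        diff |= a[i] ^ b[i];
    *steps = i;
    return diff != 0;
}

/* Bytes examined when a candidate first differs at index pos (pos == TAG_LEN: equal). */
size_t steps_for_mismatch_at(size_t pos, int timing_safe) {
    unsigned char cand[TAG_LEN];
    size_t steps = 0;
    memcpy(cand, EXPECTED, TAG_LEN);
    if (pos < TAG_LEN) cand[pos] ^= 0xff;
    (timing_safe ? ts_bcmp : naive_bcmp)(EXPECTED, cand, TAG_LEN, &steps);
    return steps;
}

/* n is always TAG_LEN, so a wrong-length input reveals only that public constant. */
int verify_tag(const unsigned char *received, size_t received_len) {
    size_t steps;
    if (received_len != TAG_LEN) return 0;
    return ts_bcmp(EXPECTED, received, TAG_LEN, &steps) == 0;
}

int main(void) {
    for (size_t pos = 0; pos <= TAG_LEN; pos += 4)
        printf("mismatch at %2zu: naive=%2zu timing-safe=%2zu\n", pos,
               steps_for_mismatch_at(pos, 0), steps_for_mismatch_at(pos, 1));
    return 0;
}
```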