This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author christian.heimes
Recipients Jon.Oberheide, christian.heimes, fijall, hynek, loewis, ncoghlan, petri.lehtinen, pitrou, python-dev
Date 2012-06-19.13:10:15
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1340111416.71.0.996682452107.issue15061@psf.upfronthosting.co.za>
In-reply-to
Content
I've increased the priority to "release blocker".

Reason:
We should come to an agreement how to handle the issue. In particular we must not pronounce something as secure that isn't secure.

Options:

1) Remove the function.

2) Rename the function to a more sensible name and provide a bytes only implementation. I like the Jon's proposal and suggest timingsafe_compare().

2b) optionally create a C implementation as it's much easier to check C code for timing issues.
History
Date User Action Args
2012-06-19 13:10:16christian.heimessetrecipients: + christian.heimes, loewis, ncoghlan, pitrou, fijall, python-dev, petri.lehtinen, hynek, Jon.Oberheide
2012-06-19 13:10:16christian.heimessetmessageid: <1340111416.71.0.996682452107.issue15061@psf.upfronthosting.co.za>
2012-06-19 13:10:16christian.heimeslinkissue15061 messages
2012-06-19 13:10:15christian.heimescreate