Message163159
I've increased the priority to "release blocker".
Reason:
We should come to an agreement on how to handle the issue. In particular we must not pronounce something as secure that isn't secure.
Options:
1) Remove the function.
2) Rename the function to a more sensible name and provide a bytes-only implementation. I like Jon's proposal and suggest timingsafe_compare().
2b) optionally create a C implementation as it's much easier to check C code for timing issues.

Date | User | Action | Args
2012-06-19 13:10:16 | christian.heimes | set | recipients: + christian.heimes, loewis, ncoghlan, pitrou, fijall, python-dev, petri.lehtinen, hynek, Jon.Oberheide
2012-06-19 13:10:16 | christian.heimes | set | messageid: <1340111416.71.0.996682452107.issue15061@psf.upfronthosting.co.za>
2012-06-19 13:10:16 | christian.heimes | link | issue15061 messages
2012-06-19 13:10:15 | christian.heimes | create |