Message163368
> You mean .encode()?
Yes, of cause. timingsafe_eq(a.encode('ascii'), b.encode('ascii')).
> > About code. Instead (PyBytes_CheckExact(a) && PyBytes_CheckExact(b)) you
> > should use ((PyBytes_CheckExact(a) != 0) & (PyBytes_CheckExact(b) !=
> > 0)).
>
> What's the difference? They are the same.
Laziness. If "a" (a secret key) is not bytes then PyBytes_CheckExact(b)
("b" is a user input) is not called. It exposes secret key type. I'm not
sure if it is real secret however. |
|
Date |
User |
Action |
Args |
2012-06-21 21:09:35 | serhiy.storchaka | set | recipients:
+ serhiy.storchaka, loewis, georg.brandl, ncoghlan, pitrou, christian.heimes, alex, fijall, python-dev, petri.lehtinen, hynek, Jon.Oberheide |
2012-06-21 21:09:34 | serhiy.storchaka | link | issue15061 messages |
2012-06-21 21:09:34 | serhiy.storchaka | create | |
|