Message163390
> The error will be if code works for developer from ASCII word, and then
> on the other side of ocean it will no longer work with non-ASCII
> strings. You are expected to be familiar with such issues. In any case,
> the obvious (and simplest, and fastest) way to check that a string is
> ASCII-only is try to encoded it to ASCII.
No, the fastest way is to check the kind attribute of the unicode object in C code. That doesn't involve any additional conversion or Python function call. The function is deliberately limited.
The ASCII fallback is very useful as most people will store hex encoded bytes of their passphrases in their databases. With ASCII support you can do timingsafe_compare(hex_from_db, hmac.hexdigest()).
Maciej:
http://pastebin.com/ZAAjSkJh
The C function is one order of magnitude faster and the spread is one order smaller. 1e-07 is within the noise level on my idle computer. A busy server will have a higher noise level. |
|
Date |
User |
Action |
Args |
2012-06-22 10:09:10 | christian.heimes | set | recipients:
+ christian.heimes, loewis, georg.brandl, ncoghlan, pitrou, alex, fijall, python-dev, petri.lehtinen, hynek, serhiy.storchaka, Jon.Oberheide |
2012-06-22 10:09:09 | christian.heimes | set | messageid: <1340359749.6.0.855359121667.issue15061@psf.upfronthosting.co.za> |
2012-06-22 10:09:09 | christian.heimes | link | issue15061 messages |
2012-06-22 10:09:08 | christian.heimes | create | |
|