[issue15061] hmac.secure_compare() leaks information of length of strings
Armin Rigo
report at bugs.python.org
Thu Jun 14 11:19:00 CEST 2012
Armin Rigo <arigo at users.sourceforge.net> added the comment:
fijal: while I agree with you, the limit for small ints has actually been pushed to 257 in recent CPythons. So it should still theoretically work --- of course, assuming a predictable CPU, which is wrong, and assuming a simple interpreter. (We can probably dig enough to find a timing issue even with CPython, and of course it's clear with any of the other Python interpreters out there.)
----------
nosy: +arigo
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue15061>
_______________________________________
More information about the Python-bugs-list
mailing list