[issue15061] hmac.secure_compare() leaks information about length of strings
Serhiy Storchaka
report at bugs.python.org
Tue Jun 19 18:07:36 CEST 2012
Serhiy Storchaka <storchaka at gmail.com> added the comment:
Unicode string timing depends on the string implementation which depends on the maximum character code in the string. Strings 'A'*9999+'$' 'A'*9999+'€' have different timings for almost all operations (inluding encode('unicode-internal')).
----------
nosy: +storchaka
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue15061>
_______________________________________
More information about the Python-bugs-list
mailing list