It's easy to implement this function (in the native language of your Python implemenation), it's short. I'm not sure that a Python version is really safe. The secrets module is for Python 3.6, in this version the hmac already "requires" the compare_digest() function no? Victor

On 15 April 2016 at 14:52, Steven D'Aprano wrote:

Now that PEP 506 has been approved, I've checked in the secrets module, but an implementation question has come up regarding compare_digest.

Currently, the module tries to import hmac.compare_digest, and if that fails, then it falls back to a Python version. But since compare_digest has been available since 3.3, I'm now questioning whether the fallback is useful at all. Perhaps for alternate Python implementations?

So, two questions:

- should secrets include a fallback?

It definitely *shouldn't* include a fallback, as the function needs to be writen in C (or some other not-normal-Python-code language) in order to provide the appropriate timing guarantees. We added hmac.compare_digest in response to Python web frameworks providing their own pure Python "constant time" comparison functions that were nevertheless still subject to remote timing atacks. I'd forgotten about the hmac vs operator indirection, but it's still better to import the public API from hmac (since operator._compare_digest is a Python implementation detail, and you may as well make it easy to extract the secrets module for use in earlier versions - 2.7 also gained hmac.compare_digest as part of PEP 466). Cheers, Nick. -- Nick Coghlan | ncoghlan@gmail.com | Brisbane, Australia