[issue15061] hmac.secure_compare() leaks information about length of strings

Antoine Pitrou report at bugs.python.org
Thu Jun 14 12:18:29 CEST 2012

Antoine Pitrou <pitrou at free.fr> added the comment:

> Antoine, seriously? You want to explore a function that's called
> "secure" when the only thing you know about it is "probably secure"?
> This is extremely tricky business and I think it should be called
> secure only if you can prove it's secure. Otherwise it's plain
> insecure and should not be named that.

What's the methodology to "prove" that it's secure?

We could rename "secure" to "safe" to downtone it a bit, but it's still
an improvement on the nominal equality comparison.


Python tracker <report at bugs.python.org>

More information about the Python-bugs-list mailing list