[issue21306] PEP 466: backport hmac.compare_digest
Donald Stufft
report at bugs.python.org
Sat May 31 17:14:57 CEST 2014
Donald Stufft added the comment:
That's also a security sensitive thing, you don't want to compare two different encoding and have it accidentally fail. Strictly speaking you can only do a constant time comparison on bytes, the fact it accepts unicode at all (even on Python 3.x) is a convenience feature.
----------
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue21306>
_______________________________________
More information about the Python-bugs-list
mailing list