Charles-François Natali <neolo...@free.fr> added the comment: > You call it obfuscating, I call it security correctness and developer > education. Tomayto, tomahto. ;-)
Well, I'd be prompt to changing to a more robust digest check algorithm if the current one had a flaw, but AFAICT, it's not the case (but I'm no security expert). > Anywho, your call of course, feel free to close. Being a core Python developer doesn't mean I'm right ;-) I just don't think that "set an example for other hmac module users" is a good reason on its own to complicate the code, which is currently readable and - AFICT - safe (complexity usually introduces bugs). Furthermore, I somehow doubt that hmac users will go and have a look at the multiprocessing connection challenge code when looking for an example. One thing that could definitely be interesting is to look through the code base and example to see if a similar - but vulnerable - pattern is used, and fix such occurrences. ---------- _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue14532> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
