Jon Oberheide <j...@oberheide.org> added the comment: > This is not time independent. Is it an issue?
You're correct, the length check does leak the length of the expected digest as a performance enhancement (otherwise, your comparison runtime is bounded by the length of the attackers input). Generally, exposing the length and thereby potentially the underlying cryptographic hash function (eg. 20 bytes -> hmac-sha1) is not considered a security risk for this type of scenario, whereas leaking key material certainly is. I considered including this nuance in the documentation and probably should. > It's better to write isinstance(a, bytes). You should raise a > TypeError if a is not a bytes or str. Ack, thanks. ---------- _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue14532> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com