Hynek Schlawack <h...@ox.cx> added the comment:

>> Why not write a C function which can be more secure than Python code?
> For Unicode strings, it's impossible to write a time-independent
> comparison function even in C

Really? Some comments sounded different. That's too bad but also what I 
suspected in the first place – it seems too complex.

However, this function seems only useful to bytes anyway so why not strip it 
down if it _is_ possible with bytes? Am I missing something?

>> I would argue that would be a general asset for the stdlib
> I would argue that it's not. No actual use case for this function
> has been demonstrated so far.

Well, one example: 
https://github.com/mitsuhiko/python-pbkdf2/blob/master/pbkdf2.py and any other 
place that compares passwords, tokens, …

----------

_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue15061>
_______________________________________
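
The bytes-only comparison asked about in the message above, as an added example that is not part of the original message or of CPython's code. The function names and the sample token are constructed for illustration; the pure-Python version only removes the data-dependent early exit and does not guarantee constant time.

```python
import hmac

EXPECTED = b"3f9a1c7e"  # constructed sample token, not from the thread


def early_exit_steps(a: bytes, b: bytes) -> int:
    """Byte comparisons done by a loop that stops at the first mismatch.

    The count grows with the matching prefix, so running time reveals
    how much of a guess was correct.
    """
    steps = 0
    for x, y in zip(a, b):
        steps += 1
        if x != y:
            break
    return steps


def bytes_compare(a: bytes, b: bytes) -> bool:
    """Bytes-only equality with no data-dependent early exit.

    Every byte pair is visited whatever the contents. Only the length
    (normally public for digests and tokens) affects the loop count.
    Pure Python cannot promise constant time; this removes the early
    exit only.
    """
    for v in (a, b):
        if not isinstance(v, (bytes, bytearray)):
            raise TypeError("bytes only: encode text before comparing")
    if len(a) != len(b):
        return False
    diff = 0
    for x, y in zip(a, b):
        diff |= x ^ y  # accumulate differences instead of branching
    return diff == 0


if __name__ == "__main__":
    for guess in (b"00000000", b"3f9a0000", b"3f9a1c7e"):
        print(guess, early_exit_steps(EXPECTED, guess),
              bytes_compare(EXPECTED, guess),
              hmac.compare_digest(EXPECTED, guess))  # stdlib, Python 3.3+
```

Text such as a password has to be encoded to bytes first; `bytes_compare` raises `TypeError` on `str` rather than guessing an encoding.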