Christian Heimes <li...@cheimes.de> added the comment: I've attached a header for that implements a single C function timingsafe_eq(a, b). The file is targeted for Objects/stringlib/timingsafe.h. Please review the file.
Comments -------- - I only handle exact byte or unicode types (no subclasses) since a user may have overwritten __eq__ and I don't want to special case it. - The unicode path works only with compact ASCII strings. I'm not familiar with the new API so please scream if I did it wrong. - length difference is currently optimized, length 0 isn't. I could easily un-optimize the len(a) != len(b) case or optimize the len(a) == len(b) == 0 case. Open questions -------------- Where should I place the function? hashlib would be a nice place but there are multiple backends for hashlib. _hashopenssl.c seems wrong. ---------- Added file: http://bugs.python.org/file26068/timingsafe.h _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue15061> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
