Jon Oberheide <j...@oberheide.org> added the comment: On a side note, it may be useful to follow the conventions that already exist in OpenBSD for their timingsafe_bcmp(3):
http://www.rootr.net/man/man/timingsafe_bcmp/3 "timingsafe" may be a more reasonable naming convention that is a bit less strong the "secure" which may be more appropriate. Also, the implementation does leak the length of the string (well, actually you provide the length "n", but in real-world usage "n" is the static length of the expected input): ftp://ftp.fr.openbsd.org/pub/OpenBSD/src/lib/libc/string/timingsafe_bcmp.c ---------- _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue15061> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com