Message 163159 - Python tracker

Message163159

Author	christian.heimes
Recipients	Jon.Oberheide, christian.heimes, fijall, hynek, loewis, ncoghlan, petri.lehtinen, pitrou, python-dev
Date	2012-06-19.13:10:15
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1340111416.71.0.996682452107.issue15061@psf.upfronthosting.co.za>
In-reply-to

Content
I've increased the priority to "release blocker". Reason: We should come to an agreement how to handle the issue. In particular we must not pronounce something as secure that isn't secure. Options: 1) Remove the function. 2) Rename the function to a more sensible name and provide a bytes only implementation. I like the Jon's proposal and suggest timingsafe_compare(). 2b) optionally create a C implementation as it's much easier to check C code for timing issues.

Content

I've increased the priority to "release blocker".

Reason:
We should come to an agreement how to handle the issue. In particular we must not pronounce something as secure that isn't secure.

Options:

1) Remove the function.

2) Rename the function to a more sensible name and provide a bytes only implementation. I like the Jon's proposal and suggest timingsafe_compare().

2b) optionally create a C implementation as it's much easier to check C code for timing issues.

History
Date	User	Action	Args
2012-06-19 13:10:16	christian.heimes	set	recipients: + christian.heimes, loewis, ncoghlan, pitrou, fijall, python-dev, petri.lehtinen, hynek, Jon.Oberheide
2012-06-19 13:10:16	christian.heimes	set	messageid: <1340111416.71.0.996682452107.issue15061@psf.upfronthosting.co.za>
2012-06-19 13:10:16	christian.heimes	link	issue15061 messages
2012-06-19 13:10:15	christian.heimes	create