Message162847
| Author | loewis |
| Recipients | arigo, christian.heimes, fijall, hynek, loewis, ncoghlan, pitrou |
| Date | 2012-06-15.06:37:43 |
| SpamBayes Score | -1.0 |
| Marked as misclassified | Yes |
| Message-id | <4FDAD835.4040003@v.loewis.de> |
| In-reply-to | <1339724244.24.0.948516476868.issue15061@psf.upfronthosting.co.za> |
| Content |
> Being able to tell people "using hmac.total_compare will make you
> less vulnerable to timing attacks than using ordinary short
> circuiting comparisons" is a *good thing*.
No, it's not. It's a *bad thing*. The two issues that have been
opened since the function was first submitted indicate that people
will keep inspecting the code and find out that it's not
time-independent. If they had been relying on that it is, they will
be upset. Since it's inherently impossible to make the function
time-independent, people will be constantly annoyed about this function.
I can't find anything good in that.
If nobody else does, I'll revert the addition before the beta. Note
that there is no *actual* issue that is being resolved by this function;
it was added only because of its cuteness value. |
|
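
The difference between a short-circuiting comparison and one that visits every byte, as an added illustration that is not part of this message or of CPython's source. It counts loop iterations instead of measuring wall-clock time so the result is deterministic; the function names and sample byte strings are constructed for the example.

```python
# Added illustration: step counts stand in for running time.
# All names and sample values below are hypothetical / constructed.

def short_circuit_steps(a, b):
    """Ordinary comparison: returns at the first differing byte."""
    if len(a) != len(b):
        return False, 0
    steps = 0
    for x, y in zip(a, b):
        steps += 1
        if x != y:
            return False, steps      # work done reveals the matching prefix length
    return True, steps


def accumulate_steps(a, b):
    """Visits every byte pair and ORs the differences together."""
    if len(a) != len(b):
        return False, 0              # a length mismatch is still observable
    diff = 0
    steps = 0
    for x, y in zip(a, b):
        steps += 1
        diff |= x ^ y                # no early exit on a mismatch
    return diff == 0, steps          # work done depends only on the length


def profile(expected, guesses):
    """For each guess: (short-circuit steps, accumulate steps)."""
    return [(short_circuit_steps(expected, g)[1],
             accumulate_steps(expected, g)[1]) for g in guesses]


# Constructed sample: an 8-byte expected value and four candidate inputs.
EXPECTED = bytes.fromhex("a1b2c3d4e5f60718")
GUESSES = [
    bytes.fromhex("00b2c3d4e5f60718"),  # first byte wrong
    bytes.fromhex("a1b2c3d400f60718"),  # fifth byte wrong
    bytes.fromhex("a1b2c3d4e5f60718"),  # full match
    bytes.fromhex("a1b2c3"),            # wrong length
]

if __name__ == "__main__":
    for guess, (sc, acc) in zip(GUESSES, profile(EXPECTED, GUESSES)):
        print(f"{guess.hex():<16}  short-circuit={sc}  accumulate={acc}")
```

The step count of the accumulating loop is the same for every equal-length input, while the short-circuiting loop's count tracks the position of the first mismatch; both return immediately on a length mismatch, so neither is independent of its input. In current Python the standard library's helper for comparing digests is `hmac.compare_digest`.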