On Fri, Apr 15, 2016 at 10:26:31AM +0200, Victor Stinner wrote: > It's easy to implement this function (in the native language of your Python > implemenation), it's short. I'm not sure that a Python version is really > safe. > > The secrets module is for Python 3.6, in this version the hmac already > "requires" the compare_digest() function no? The current version looks like this: try: from hmac import compare_digest except ImportError: # fallback version defined but I'm having second thoughts about this. I don't think it needs to support older versions of Python, but perhaps it needs to support implementations which don't include compare_digest? This isn't just a question about the secrets module. PEP 399 suggests than any C classes/functions should have a pure Python version as fallback, but compare_digest doesn't. I don't know whether it should or not. https://www.python.org/dev/peps/pep-0399/ -- Steve
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4