| author | Eli Collins <elic@assurancetechnologies.com> | 2011-12-02 15:56:14 -0500 |
|---|---|---|
| committer | Eli Collins <elic@assurancetechnologies.com> | 2011-12-02 15:56:14 -0500 |
| commit | 35ceb3862ff6ab8187122003421670d263ced591 (patch) | |
| tree | 7dc8ee9eadd3b5736fa5cef267574e4df8d68986 /passlib | |
| parent | 3a48462b540c1ef47099d0f8dc3feacf564dc74a (diff) | |
updated documentation to use some cloud_sptheme 1.3 features
* escaped {} literals in *samp* roles - used on some doc pages
* google analytics integration for pypi docs
Diffstat (limited to 'passlib')
| -rw-r--r-- | passlib/utils/__init__.py | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/passlib/utils/__init__.py b/passlib/utils/__init__.py
index 1315174..bc035fc 100644
--- a/passlib/utils/__init__.py
+++ b/passlib/utils/__init__.py
@@ -471,7 +471,7 @@ def consteq(left, right):
 # Why ``THETA(len(right))``?
 # Assuming the attacker controls one of the two inputs, padding to
 # the largest input or trimming to the smallest input both allow
- # a timing attack to reveal the length of the controlled input.
+ # a timing attack to reveal the length of the other input.
 # However, by fixing the runtime to be proportional to the right input:
 # * If the right value is attacker controlled, the runtime is proportional
 # to their input, giving nothing away about the left value's size.
@@ -495,6 +495,8 @@ def consteq(left, right):
 raise TypeError("inputs must be both unicode or bytes")
 # do size comparison.
+ # XXX: this does one extra branch instruction when the string lengths don't
+ # match, compared to when they do. would be nice to equalize the cases.
 if len(left) == len(right):
 # if sizes are the same, setup loop to perform actual check of contents.
 tmp = left |
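Review bot: The XXX comment added above `if len(left) == len(right):` records a timing asymmetry but not what it exposes or whether it is accepted, which is what a later maintainer of a constant-time comparison needs to know. As far as the visible lines show, the extra branch can at most distinguish equal-length from unequal-length inputs, so I would state that bound in the comment, e.g. `# XXX: mismatch path takes one extra branch; at most this reveals that the lengths differ.` followed by `# TODO: equalize both paths, or document this as an accepted leak.` On interpreters whose standard library provides `hmac.compare_digest`, delegating to it where the input types allow would avoid hand-balancing branches in Python at all. The body of `consteq` continues outside this hunk, so the rest of the comparison loop is not reviewed here.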
