Changes between Initial Version and Version 1 of Ticket #17040, comment 6
- Timestamp:
- Oct 26, 2011, 2:11:33 PM (13 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
Ticket #17040, comment 6
initial v1 1 I am by no crypto expert, but since constant_time_compare in the django and the contrib apps is only used to compare hashes or some sort of tokens I'd think it save to assume byte strings is the "right thing". Since a unicode string can use one or two bytes per char depending on the contents I think you are right about a constant time compare not being possible. 1 I am no crypto expert, but since constant_time_compare in django and in the contrib apps is only used to compare hashes or some sort of token. I'd think it save to assume byte strings is the "right thing". 2 3 Since a unicode string can use one or two bytes per char depending on the contents I think you are right about a constant time compare not being possible. 2 4 3 5 also calling ord() on a unicode char that is 2 bytes long results in a TypeError.