id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
36546	Deprecate django.utils.crypto.constant_time_compare()	Tim Graham	Pravin	"Historically it was a bespoke implementation (added in 45c7f427ce830dd1b2f636fb9c244fda9201cadb) before the stdlib implementation was preferred (58176dee88ac7c1038c7f685af023e634b143d02). Now it's just alias of `secrets.compare_digest` (which itself is [https://github.com/python/cpython/blob/dd079db4b96fa474b8e6d71ae9db662c4ce28caf/Lib/secrets.py#L17 an alias] of `hmac.compare_digest`, which was used before 1d0bab0bfd77edcf1228d45bf654457a8ff1890d).

`constant_time_compare()` does call `force_bytes()` on its arguments but this was a workaround for Python 2.7 (7e3cf3cfd27e53ced0a1fc65a02849f78a292d3d) and no tests in Django's test suite fail with those calls removed."	Cleanup/optimization	assigned	Utilities	dev	Normal			JaeHyuckSa Pravin	Someday/Maybe	1	0	0	0	0	0