mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-08-12 21:09:13 +00:00
Code Issues 32 Releases Wiki Activity

Use the stdlib's compare_digest for constant time comparisons when available

Browse Source
This commit is contained in:
Alex Gaynor 2014-04-22 14:45:00 -07:00
parent 9fb95dfc9f
commit 58176dee88
1 changed files with 23 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
django/utils/crypto.py
View File

@ -77,6 +77,10 @@ def get_random_string(length=12,
return ''.join(random.choice(allowed_chars) for i in range(length)) return ''.join(random.choice(allowed_chars) for i in range(length))
if hasattr(hmac, "compare_digest"):
# Prefer the stdlib implementation, when available.
constant_time_compare = hmac.compare_digest
else:
def constant_time_compare(val1, val2): def constant_time_compare(val1, val2):
""" """
Returns True if the two strings are equal, False otherwise. Returns True if the two strings are equal, False otherwise.