streql - Constant-time string comparison
Dear debian-python,
I am looking for a sponsor for my package "streql".
In Python, the code for testing the equality of strings is susceptible
to a "timing side channel attack". The package 'streql' provides a
function for comparing strings of equal length in equal time, regardless
of the content of the strings.
This package has already been discussed in depth on debian-security:
https://lists.debian.org/debian-security/2014/10/threads.html#00060
* Package name : streql
Version : 3.0.2-1
Upstream Author : Peter Scott <peter@cueup.com>
* URL : https://github.com/PeterScott/streql
* License : Apache 2.0
Section : python
It builds those binary packages:
python-streql - Constant-time string comparison (Python 2)
python3-streql - Constant-time string comparison (Python 3)
pypy-streql - Constant-time string comparison (PyPy)
To access further information about this package, please visit the following
URL:
http://mentors.debian.net/package/streql
Alternatively, one can download the package with dget using this command:
dget -x
http://mentors.debian.net/debian/pool/main/s/streql/streql_3.0.2-1.dsc
Changes since last upload:
* Initial release (Closes: #764443)
Regards,
Riley Baird
Reply to: