
streql - Constant-time string comparison



Dear debian-python,

I am looking for a sponsor for my package "streql".

In Python, the code for testing the equality of strings is susceptible
to a "timing side channel attack". The package 'streql' provides a
function for comparing strings of equal length in equal time, regardless
of the content of the strings.

This package has already been discussed in depth on debian-security:
https://lists.debian.org/debian-security/2014/10/threads.html#00060

* Package name    : streql
  Version         : 3.0.2-1
  Upstream Author : Peter Scott <peter@cueup.com>
* URL             : https://github.com/PeterScott/streql
* License         : Apache 2.0
  Section         : python

It builds these binary packages:

python-streql - Constant-time string comparison (Python 2)
python3-streql - Constant-time string comparison (Python 3)
pypy-streql - Constant-time string comparison (PyPy)

To access further information about this package, please visit the following
URL:

http://mentors.debian.net/package/streql

Alternatively, one can download the package with dget using this command:

dget -x http://mentors.debian.net/debian/pool/main/s/streql/streql_3.0.2-1.dsc

Changes since last upload:

* Initial release (Closes: #764443)

Regards,
Riley Baird
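
The leak described in the message, as an added illustration that is not part of the original e-mail and is not streql's code: it counts bytes examined instead of measuring wall-clock time, so the data-dependent work of an early-exit comparison is visible deterministically. The function names and the sample token are assumptions made for this example, and the pure-Python loop only models the technique; production code should call a comparison implemented in C, such as streql or the standard library's hmac.compare_digest.

```python
import hmac


def early_exit_equal(a: bytes, b: bytes):
    """Model of an ordinary comparison: stops at the first differing byte.
    Returns (result, bytes_examined) so the data-dependent work is visible."""
    if len(a) != len(b):
        return False, 0
    examined = 0
    for x, y in zip(a, b):
        examined += 1
        if x != y:
            return False, examined
    return True, examined


def constant_time_equal(a: bytes, b: bytes):
    """XOR-accumulate comparison: for equal-length inputs every byte is
    examined whether or not a mismatch has already been seen."""
    if len(a) != len(b):
        return False, 0  # only content is hidden, not length
    diff = 0
    examined = 0
    for x, y in zip(a, b):
        diff |= x ^ y  # stays non-zero once any byte differs
        examined += 1
    return diff == 0, examined


SECRET = b"3f9a1c77d2e04b68"  # constructed sample token, 16 bytes


def work_profile(compare):
    """Bytes examined for guesses that match the first 0, 4, 8 and 16 bytes."""
    profile = []
    for n in (0, 4, 8, 16):
        guess = SECRET[:n] + b"\x00" * (len(SECRET) - n)
        profile.append(compare(SECRET, guess)[1])
    return profile


if __name__ == "__main__":
    print("early exit   :", work_profile(early_exit_equal))
    print("constant time:", work_profile(constant_time_equal))
    # The standard library's C-implemented equivalent for real use:
    print("compare_digest:", hmac.compare_digest(SECRET, SECRET))
```

The early-exit profile grows with the length of the matching prefix, which is the signal a timing attack measures; the constant-time profile is flat for every guess of the same length.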

