
Re: streql - Constant-time string comparison



On Tue, Oct 28, 2014 at 12:08 PM, Riley Baird
<BM-2cVqnDuYbAU5do2DfJTrN7ZbAJ246S4Xix@bitmessage.ch> wrote:
> Dear debian-security,
>
> I am looking for a sponsor for my package "streql".
>
> In Python, the code for testing the equality of strings is susceptible
> to a "timing side channel attack". The package 'streql' provides a
> function for comparing strings of equal length in equal time, regardless
> of the content of the strings.
>
> * Package name    : streql
>   Version         : 3.0.2-1
>   Upstream Author : Peter Scott <peter@cueup.com>
> * URL             : https://github.com/PeterScott/streql
> * License         : Apache 2.0
>   Section         : python
>
> It builds those binary packages:
>
> python-streql - Constant-time string comparison (Python 2)
> python3-streql - Constant-time string comparison (Python 3)
> pypy-streql - Constant-time string comparison (PyPy)
>
> To access further information about this package, please visit the following
> URL:
>
> http://mentors.debian.net/package/streql
>
> Alternatively, one can download the package with dget using this command:
>
> dget -x
> http://mentors.debian.net/debian/pool/main/s/streql/streql_3.0.2-1.dsc
>
> Changes since last upload:
>
> * Initial release (Closes: #764443)
>
> Regards,
> Riley Baird

I have a suggestion which I

Joel Rees

Be careful when you see conspiracy.
Look first in your own heart,
and ask yourself if you are not your own worst enemy.
Arm yourself with knowledge of yourself.
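
Added example, not part of the original thread and not streql's own code: it contrasts an early-exit comparison with a constant-time one for equal-length strings, as the package description above puts it. It counts byte comparisons instead of measuring wall-clock time. The function names and the sample token are constructed for illustration; `hmac.compare_digest` is the Python standard-library equivalent, used here in place of streql.

```python
import hmac

def early_exit_equal(a: bytes, b: bytes):
    """Model of an ordinary equality test: stops at the first differing byte.
    Returns (result, byte comparisons performed)."""
    if len(a) != len(b):
        return False, 0
    steps = 0
    for x, y in zip(a, b):
        steps += 1
        if x != y:
            return False, steps      # work done depends on the matching prefix
    return True, steps

def constant_time_equal(a: bytes, b: bytes):
    """Examines every byte of equal-length inputs, whatever their content.
    Returns (result, byte comparisons performed)."""
    if len(a) != len(b):
        return False, 0              # length is not hidden, only content
    diff = 0
    steps = 0
    for x, y in zip(a, b):
        steps += 1
        diff |= x ^ y                # accumulate differences, never branch on them
    return diff == 0, steps

def work_profile(compare, secret: bytes, candidates):
    """Work performed by `compare` for each candidate against `secret`."""
    return [compare(secret, c)[1] for c in candidates]

def stdlib_equal(a: bytes, b: bytes) -> bool:
    """Standard-library constant-time comparison (assumed substitute for streql)."""
    return hmac.compare_digest(a, b)

SECRET = b"5f2c9a7e41d08b36"         # constructed sample token
CANDIDATES = [
    b"0000000000000000",             # no matching prefix
    b"5f2c000000000000",             # 4 matching bytes
    b"5f2c9a7e41d00000",             # 12 matching bytes
    SECRET,                          # exact match
]

if __name__ == "__main__":
    print("early exit   :", work_profile(early_exit_equal, SECRET, CANDIDATES))
    print("constant time:", work_profile(constant_time_equal, SECRET, CANDIDATES))
```

The early-exit profile grows with the length of the matching prefix, which is the content-dependent signal a timing side channel exposes; the constant-time profile is flat for every equal-length input.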

