Danger

This is a “Hazardous Materials” module. You should ONLY use it if you’re 100% absolutely sure that you know what you’re doing because this module is full of land mines, dragons, and dinosaurs with laser guns.

Constant time functions

This module contains functions for operating with secret data in a way that does not leak information about that data through how long it takes to perform the operation. These functions should be used whenever operating on secret data along with data that is user supplied.

An example would be comparing a HMAC signature received from a client to the one generated by the server code for authentication purposes.

For more information about this sort of issue, see Coda Hale’s blog post about the timing attacks on KeyCzar and Java’s MessageDigest.isEqual().

cryptography.hazmat.primitives.constant_time.bytes_eq(a, b)

Compares a and b with one another. If a and b have different lengths, this returns False immediately. Otherwise it compares them in a way that takes the same amount of time, regardless of how many characters are the same between the two.

>>> from cryptography.hazmat.primitives import constant_time
>>> constant_time.bytes_eq(b"foo", b"foo")
True
>>> constant_time.bytes_eq(b"foo", b"bar")
False

Parameters:

• a (bytes) – The left-hand side.

• b (bytes) – The right-hand side.

Returns bool:

True if a has the same bytes as b, otherwise False.

Raises:

TypeError – This exception is raised if a or b is not bytes.