bdauvergne
commented
10 years ago It would be great byt hmac.compare_digest is only available since python 2.7.7. in the meantime I think a pure python implementation of compare_digest would improve things
rudolphfroger
Shouldn't this library use something like Pythons hmac.compare_digest instead of the == operator to reduce the vulnerability to timing attacks? This applies to accept_totp, accept_hotp functions and probably also for the OCRA code.