i now understand what this does

author: Chris McDonough <chrism@plope.com> 2010-11-06 00:42:43 -0400
committer: Chris McDonough <chrism@plope.com> 2010-11-06 00:42:43 -0400
commit: 8c4d7ace88b5bc05b1b770ade86c30f6a6cccc4c (patch)
tree: 8d17e2f6272bd6a1907ac18ea4a499fba0ee3eb2
parent: 7e96fef8bf4df69b2547712c64d639e90ccbbab0 (diff)
download: pyramid-8c4d7ace88b5bc05b1b770ade86c30f6a6cccc4c.tar.gz
pyramid-8c4d7ace88b5bc05b1b770ade86c30f6a6cccc4c.tar.bz2
pyramid-8c4d7ace88b5bc05b1b770ade86c30f6a6cccc4c.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/pyramid/session.py b/pyramid/session.py
index bbb08622a..b4bc34a6a 100644
--- a/pyramid/session.py
+++ b/pyramid/session.py
@@ -244,8 +244,8 @@ def signed_deserialize(serialized, secret, hmac=hmac):
 
     sig = hmac.new(secret, pickled, sha1).hexdigest()
 
-    # Avoid timing attacks (note that this is cadged from Pylons and I
-    # have no idea what it means)
+    # Avoid timing attacks (see
+    # http://seb.dbzteam.org/crypto/python-oauth-timing-hmac.pdf)
 
     if len(sig) != len(input_sig):
         raise ValueError('Wrong signature length')
author	Chris McDonough <chrism@plope.com>	2010-11-06 00:42:43 -0400
committer	Chris McDonough <chrism@plope.com>	2010-11-06 00:42:43 -0400
commit	8c4d7ace88b5bc05b1b770ade86c30f6a6cccc4c (patch)
tree	8d17e2f6272bd6a1907ac18ea4a499fba0ee3eb2
parent	7e96fef8bf4df69b2547712c64d639e90ccbbab0 (diff)
download	pyramid-8c4d7ace88b5bc05b1b770ade86c30f6a6cccc4c.tar.gz pyramid-8c4d7ace88b5bc05b1b770ade86c30f6a6cccc4c.tar.bz2 pyramid-8c4d7ace88b5bc05b1b770ade86c30f6a6cccc4c.zip