secretutils

Secret utilities.

New in version 3.5.

oslo_utils.secretutils.constant_time_compare(a, b, /)

Return ‘a == b’.

This function uses an approach designed to prevent timing analysis, making it appropriate for cryptography.

a and b must both be of the same type: either str (ASCII only), or any bytes-like object.

Note: If a and b are of different lengths, or if an error occurs, a timing attack could theoretically reveal information about the types and lengths of a and b–but not their values.