def _is_equal(b_a, b_b): """ Comparing 2 byte arrrays in constant time to avoid timing attacks. It would be nice if there was a library for this but hey. """ if not (isinstance(b_a, binary_type) and isinstance(b_b, binary_type)): raise TypeError('_is_equal can only be used to compare two byte strings') # http://codahale.com/a-lesson-in-timing-attacks/ if len(b_a) != len(b_b): return False result = 0 for b_x, b_y in zip(b_a, b_b): if PY3: result |= b_x ^ b_y else: result |= ord(b_x) ^ ord(b_y) return result == 0