-
Notifications
You must be signed in to change notification settings - Fork 83
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
The documentation should show an example of typical correct usage #122
Comments
(Disclaimer: I never contributed to the crate, I merely use it and I want to help)
When using
You don't always want to convert back into For example, say you're checking both a username and a password:
In your case, I think yes you can call Assuming your passwords are say byte arrays if bool::from(password_in_request.ct_ne(&password_in_the_config)) {
bail!("Wrong password");
} However, after you convert into a
I think it would be a good idea to have examples and better explanations. Maybe I'll try making a PR for it. OTOH it's easy to use that crate incorrectly, and simply throwing an example that everyone will copy-paste without understanding what the crate does will probably cause problems. |
Thanks. BTW. From the top of my head: |
Yeah, you can write |
While it might seem obvious to people familiar with this crate, I am actually confused how to use this crate after just landing on it looking for a constant comparison crate.
What I want to do is:
for usual reasons.
I open https://docs.rs/subtle/ , I can see
ConstantTimeEq
and it is clear I should usect_eq
. But then ... why is it returningChoice
? Am I supposed to call.into()
on it? It seems so... ? But why can'tct_eq
returnbool
right away by doing that.into()
under the hood? Unclear.So, it seems to me that the documentation can be improved in two ways:
Choice
explain why: Why does it exist, why can'tct_eq
just returnbool
.The text was updated successfully, but these errors were encountered: