Remove a detailed discussion of content-based short circuiting, off topic for library docs.

1 files changed, 4 insertions, 13 deletions

diff --git a/Doc/library/hmac.rst b/Doc/library/hmac.rst
index 809636e..38f1687 100644
--- a/Doc/library/hmac.rst
+++ b/Doc/library/hmac.rst
@@ -70,22 +70,13 @@ This module also provides the following helper function:
 
 .. function:: compare_digest(a, b)
 
-   Return ``a == b``.  This function uses an approach designed to prevent timing
-   analysis by avoiding content based short circuiting behaviour, making it
-   appropriate for cryptography.  *a* and *b* must both be of the same type:
-   either :class:`str` (ASCII only, as e.g. returned by
+   Return ``a == b``.  This function uses an approach designed to prevent
+   timing analysis by avoiding content-based short circuiting behaviour,
+   making it appropriate for cryptography.  *a* and *b* must both be of the
+   same type: either :class:`str` (ASCII only, as e.g. returned by
    :meth:`HMAC.hexdigest`), or any type that supports the buffer protocol
    (e.g. :class:`bytes`).
 
-   Using a short circuiting comparison (that is, one that terminates as soon as
-   it finds any difference between the values) to check digests for correctness
-   can be problematic, as it introduces a potential vulnerability when an
-   attacker can control both the message to be checked *and* the purported
-   signature value.  By keeping the plaintext consistent and supplying different
-   signature values, an attacker may be able to use timing variations to search
-   the signature space for the expected value in O(n) time rather than the
-   desired O(2**n).
-
    .. note::
 
       If *a* and *b* are of different lengths, or if an error occurs,