random.expovariate() usage inside the check_user function #7

@theSyndical

Raymond, thanks for the amazing course!

I have a question regarding this snippet of code:

def check_user(user: User, password: str) -> bool:
    hashpass, salt = user_info[user].hashed_password
    target_hash_pass = hash_password(password, salt)[0]
    sleep(random.expovariate(10))
    return secrets.compare_digest(hashpass, target_hash_pass)

What's the point of a random sleep with exponential distribution? To my knowledge it won't prevent timing attacks.
According to the documentation, compare_digest is designed to prevent timing analysis, so it already takes care of that for us.

Thank you.
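
An added simulation of the point raised in the question (not code from the course or from this issue): independent `random.expovariate(10)` jitter has a fixed mean, so a data-dependent timing gap survives in the averages, while a constant-time path leaves only noise. The names `LEAK`, `response_time` and `mean_gap`, the fixed work cost and the exaggerated gap are constructed assumptions; nothing here sleeps or measures a real system.

```python
import random
import statistics

JITTER_RATE = 10   # lambd given to random.expovariate() in check_user (mean 0.1 s)
LEAK = 0.005       # constructed, exaggerated data-dependent gap in seconds


def response_time(secret_dependent: bool, slow_path: bool, rng: random.Random) -> float:
    """Model one check_user() call without sleeping: work time plus jitter."""
    work = 0.050                       # constructed fixed cost (hashing etc.)
    if secret_dependent and slow_path:
        work += LEAK                   # only a non-constant-time path adds this
    return work + rng.expovariate(JITTER_RATE)


def mean_gap(samples: int, secret_dependent: bool, seed: int = 1) -> float:
    """Difference of mean response times between slow-path and fast-path inputs."""
    rng = random.Random(seed)          # seeded so the run is reproducible
    fast = [response_time(secret_dependent, False, rng) for _ in range(samples)]
    slow = [response_time(secret_dependent, True, rng) for _ in range(samples)]
    return statistics.fmean(slow) - statistics.fmean(fast)


if __name__ == "__main__":
    # With few samples the jitter hides the gap; with many, the leaky path's
    # mean gap settles near LEAK while the constant-time gap settles near zero.
    for n in (10, 1_000, 40_000):
        leaky = mean_gap(n, secret_dependent=True)
        constant = mean_gap(n, secret_dependent=False)
        print(f"n={n:>6}  leaky gap={leaky * 1000:8.3f} ms  "
              f"constant-time gap={constant * 1000:8.3f} ms")
```

The jitter only widens the spread of individual measurements; removing the data dependence, as `secrets.compare_digest` does for the comparison, is what removes the signal.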
