-
David Sinquin authored
An attacker knowing the salt but not the hash could try timming-attacks to guess a password hash and then try to find it from the hash. Although not a high risk, there is no good reason not to use a constant-time comparison, hence this commit.
ca08234a