|
|
|
|
|
|
by philjohn
2329 days ago
|
|
|
You should never have been doing that in the first place, checking password hashes should use a constant time equality check to prevent timing attacks. Just so happens there is now one in PHP - hash_equals, but even before that you could do a constant time equality check trivially by hand. |
|
|