by blocko
616 days ago
What is the rationale behind the following?

> When comparing password hashes, use constant time comparison instead of ==.

If you were comparing plaintext you'd get some info, but it seems overly cautious when comparing salted hashes. Maybe anticipating an unknown vulnerability in the hash function?
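What the quoted advice guards against, as an added example that is not part of the comment above: a byte-by-byte `==` stops at the first mismatch, so the work it does tracks how many leading bytes of the two hashes agree, while a constant-time comparison examines every byte. The password, salt, iteration count and helper names are constructed for illustration.

```python
import hashlib
import hmac

SALT = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed sample salt

def hash_password(password: str, salt: bytes) -> bytes:
    # PBKDF2-HMAC-SHA256; low iteration count only so the example runs quickly
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 1000)

STORED = hash_password("correct horse", SALT)  # constructed stored hash

def early_exit_equal(a: bytes, b: bytes):
    """Model of a naive ==: returns (equal, bytes_examined)."""
    if len(a) != len(b):
        return False, 0
    for i, (x, y) in enumerate(zip(a, b), start=1):
        if x != y:
            return False, i  # stops at first mismatch: work depends on the data
    return True, len(a)

def full_scan_equal(a: bytes, b: bytes):
    """Model of a constant-time compare: every byte is examined regardless."""
    if len(a) != len(b):
        return False, 0
    diff = 0
    for x, y in zip(a, b):
        diff |= x ^ y  # accumulate differences without branching on them
    return diff == 0, len(a)

def verify(password: str, salt: bytes, stored: bytes) -> bool:
    # What production code should call: the standard library's constant-time compare
    return hmac.compare_digest(hash_password(password, salt), stored)

def with_mismatch_at(digest: bytes, index: int) -> bytes:
    # Constructed test value: equal to digest except for one flipped bit at index
    return digest[:index] + bytes([digest[index] ^ 1]) + digest[index + 1:]

if __name__ == "__main__":
    for idx in (0, 5, 31):
        candidate = with_mismatch_at(STORED, idx)
        print(idx, early_exit_equal(candidate, STORED)[1],
              full_scan_equal(candidate, STORED)[1])
    print(verify("correct horse", SALT, STORED), verify("wrong guess", SALT, STORED))
```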