Answer the question
In order to leave comments, you need to log in
What's wrong with comparing strings in constant time?
From the PHP documentation:
Note that if you are using the crypt() function to verify a password, then you need to guard against timing attacks by using string comparisons that take constant time. Neither the PHP == and === operators, nor the strcmp() function are. The password_verify() function does exactly what it needs to.
Answer the question
In order to leave comments, you need to log in
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question