• frezik@midwest.social
    link
    fedilink
    arrow-up
    1
    ·
    10 个月前

    If you’re checking passwords, you should be using constant time string checking, anyway.

    More likely, you should let your bcrypt library do it for you.