Closed joaqim closed 9 months ago
If this is intended - though I can't see why - there should be a comment explicitly mentioning it.
It is explicitly mentioned in the docs for users. The reason is that comparison with && is vulnerable to timing attacks because it short circuits.
&&
If this is intended - though I can't see why - there should be a comment explicitly mentioning it.