== should not be used for cryptographic comparison
When both sides are cryptographic hashes or secrets, the == operator will compare them character by character and stop at the first mismatch. This means the time it takes to return false is dependent on how many characters match from the beginning.
== should not be used for cryptographic comparison
When both sides are cryptographic hashes or secrets, the == operator will compare them character by character and stop at the first mismatch. This means the time it takes to return false is dependent on how many characters match from the beginning.