#0703
A login service compares a supplied password hash against the stored hash using the === operator (or equivalent). This short-circuits on the first mismatched character.
An attacker can measure how long each comparison takes. A guess that matches the first character takes slightly longer than one that doesn't — leaking one character at a time until the full hash is reconstructed.
The fix is to compare every character in both strings regardless of early mismatches, ensuring a constant execution time.
Timing side-channels allow remote attackers to reconstruct secrets one bit at a time. Constant-time comparison is mandatory for any security-sensitive equality check — tokens, HMACs, and password hashes.
verifyPassword to use a constant-time comparison that does not short-circuit on a mismatch.true when both hashes match, false otherwise.false for all non-matching inputs.verifyPassword('hash:abc', 'hash:abc')// → true
verifyPassword('hash:xyz', 'hash:abc')// → false
=== or == for the final comparison.